csrf令牌已关联到此客户端

gstyhher 于 2021-07-16 发布在 Java

关注(0)|答案(1)|浏览(429)

我正在使用 spring-boot-starter-security-2.4.2 . 我有点担心
csrf令牌已关联到此客户端
在 Postman 中使用时。
这里我使用的是springcloudgateway，并为此添加了Spring Security 。

POST: localhost:8080/auth/login

body: {
    "username": "user",
    "password": "pass"
}

我也试过卷发：

curl -d "username=user1&password=abcd" -X POST http://localhost:8080/auth/login

下面是我的spring安全配置：

@Override
protected void configure(HttpSecurity http) throws Exception {
    http=http
        .cors()
            .and()
        .csrf().disable();

    http=http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and();

    http=http
        .exceptionHandling()
            .authenticationEntryPoint(jwtAuthenticationEntryPoint)
            .and();

    http
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/auth/login/").permitAll()
            .antMatchers(HttpMethod.POST, "/public/user/links").permitAll()
            .anyRequest().authenticated();

    http
        .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}

Java spring spring-security spring-cloud-gateway

来源：https://stackoverflow.com/questions/66721649/csrf-token-has-been-associated-to-this-client

1条答案

按热度按时间

lf3rwulv1#

这个问题是经过大量试验后解决的

@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebSecurityConfig {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private SecurityContextRepository securityContextRepository;

    @Autowired
    private JwtWebFilter jwtWebFilter;

    @Bean
    public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
        return http
            .exceptionHandling()
            .authenticationEntryPoint((swe, e) -> {
                return Mono.fromRunnable(() -> {
                    swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
                });
            }).accessDeniedHandler((swe, e) -> {
                return Mono.fromRunnable(() -> {
                    swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
                });
            }).and()
            .csrf().disable()

            .authenticationManager(authenticationManager)
            .securityContextRepository(securityContextRepository)
            .authorizeExchange()
            .pathMatchers("/auth/login").permitAll()
            .anyExchange().authenticated()
            .and().addFilterAfter(jwtWebFilter, SecurityWebFiltersOrder.FIRST)
            .build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

它与网关服务m工作良好，但与下游服务无关。筛选器未调用其他eureka客户端。有人能帮忙吗？

赞(0）回复(0）举报 2021-07-16

我来回答

csrf令牌已关联到此客户端

1条答案

相关问题

热门标签

最新问答