堆栈内存溢出
  简体   繁体   English

CSRF 令牌已与此客户端关联

[英]CSRF token has been associated to this client

 原文  2021-03-20 12:34:51       java/ spring/ spring-security/ spring-cloud-gateway

问题描述

I am using spring-boot-starter-security-2.4.2 .我正在使用spring-boot-starter-security-2.4.2 I am getting issue of我遇到了问题

CSRF Token has been associated to this client CSRF Token 已与此客户端关联

when using in Postman.在 Postman 中使用时。

Here I am using Spring Cloud Gateway and I added Spring Security for this.在这里,我使用 Spring 云网关并为此添加了 Spring 安全性。

POST: localhost:8080/auth/login

body: {
    "username": "user",
    "password": "pass"
}

I also tried with curl:我也试过 curl:

curl -d "username=user1&password=abcd" -X POST http://localhost:8080/auth/login

Below is my Spring Security configuration:下面是我的 Spring 安全配置:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http=http
        .cors()
            .and()
        .csrf().disable();

    http=http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and();

    http=http
        .exceptionHandling()
            .authenticationEntryPoint(jwtAuthenticationEntryPoint)
            .and();
        
    http
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/auth/login/").permitAll()
            .antMatchers(HttpMethod.POST, "/public/user/links").permitAll()
            .anyRequest().authenticated();
        
    http
        .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}

1 个解决方案

解决方案1
 0  2021-03-28 11:14:05

This issue is fixed after lots of trials这个问题经过多次试验后得到修复

@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebSecurityConfig {

    @Autowired
    private AuthenticationManager authenticationManager;
    
    @Autowired
    private SecurityContextRepository securityContextRepository;
    
    @Autowired
    private JwtWebFilter jwtWebFilter;

    @Bean
    public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
        return http
            .exceptionHandling()
            .authenticationEntryPoint((swe, e) -> {
                return Mono.fromRunnable(() -> {
                    swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
                });
            }).accessDeniedHandler((swe, e) -> {
                return Mono.fromRunnable(() -> {
                    swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
                });
            }).and()
            .csrf().disable()
            
            .authenticationManager(authenticationManager)
            .securityContextRepository(securityContextRepository)
            .authorizeExchange()
            .pathMatchers("/auth/login").permitAll()
            .anyExchange().authenticated()
            .and().addFilterAfter(jwtWebFilter, SecurityWebFiltersOrder.FIRST)
            .build();
    }
    
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
}

it is working fine wih Gateway service m but not the down stream service.它在网关服务 m 上运行良好,但在 stream 服务下运行良好。 filter is not calling for other eureka clients.过滤器不调用其他尤里卡客户端。 can anyone help?谁能帮忙?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将CSRF令牌传递给客户端应用程序 - Passing csrf token to client application 从服务器到AngularJS客户端的CSRF令牌交换 - CSRF token exchange from server to AngularJS client 如何在 java REST 客户端中获取有效的 X-CSRF-TOKEN? - how to get valid X-CSRF-TOKEN in java REST Client? 找不到预期的CSRF令牌。 您的会话是否已过期? - Expected CSRF token not found. Has your session expired? 未找到预期的CSRF令牌。您的会话是否已过期403 - Expected CSRF token not found. Has your session expired 403 找不到CSRF令牌 - CSRF token not found Struts 1中的CSRF令牌实现 - CSRF Token implementation in Struts 1 CSRF 代币生成问题 - CSRF token generation issue Spring CSRF令牌生命 - Spring CSRF token life 未使用 Webflux 生成 CSRF 令牌 - CSRF token not generated with Webflux
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM