[英]CSRF token has been associated to this client
I am using spring-boot-starter-security-2.4.2
.我正在使用
spring-boot-starter-security-2.4.2
。 I am getting issue of我遇到了问题
CSRF Token has been associated to this client
CSRF Token 已与此客户端关联
when using in Postman.在 Postman 中使用时。
Here I am using Spring Cloud Gateway and I added Spring Security for this.在这里,我使用 Spring 云网关并为此添加了 Spring 安全性。
POST: localhost:8080/auth/login
body: {
"username": "user",
"password": "pass"
}
I also tried with curl:我也试过 curl:
curl -d "username=user1&password=abcd" -X POST http://localhost:8080/auth/login
Below is my Spring Security configuration:下面是我的 Spring 安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http=http
.cors()
.and()
.csrf().disable();
http=http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and();
http=http
.exceptionHandling()
.authenticationEntryPoint(jwtAuthenticationEntryPoint)
.and();
http
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/auth/login/").permitAll()
.antMatchers(HttpMethod.POST, "/public/user/links").permitAll()
.anyRequest().authenticated();
http
.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
This issue is fixed after lots of trials这个问题经过多次试验后得到修复
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebSecurityConfig {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private SecurityContextRepository securityContextRepository;
@Autowired
private JwtWebFilter jwtWebFilter;
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
return http
.exceptionHandling()
.authenticationEntryPoint((swe, e) -> {
return Mono.fromRunnable(() -> {
swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
});
}).accessDeniedHandler((swe, e) -> {
return Mono.fromRunnable(() -> {
swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
});
}).and()
.csrf().disable()
.authenticationManager(authenticationManager)
.securityContextRepository(securityContextRepository)
.authorizeExchange()
.pathMatchers("/auth/login").permitAll()
.anyExchange().authenticated()
.and().addFilterAfter(jwtWebFilter, SecurityWebFiltersOrder.FIRST)
.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
it is working fine wih Gateway service m but not the down stream service.它在网关服务 m 上运行良好,但在 stream 服务下运行良好。 filter is not calling for other eureka clients.
过滤器不调用其他尤里卡客户端。 can anyone help?
谁能帮忙?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.