
CSRF token has been associated to this client

I am using spring-boot-starter-security-2.4.2. I am getting the issue

CSRF Token has been associated to this client

when using Postman.

Here I am using Spring Cloud Gateway and I added Spring Security for this.

POST: localhost:8080/auth/login

body: {
    "username": "user",
    "password": "pass"
}

I also tried with curl:

curl -d "username=user1&password=abcd" -X POST http://localhost:8080/auth/login

Below is my Spring Security configuration:

import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Servlet-stack (Spring MVC) configuration inside a WebSecurityConfigurerAdapter subclass;
// jwtAuthenticationEntryPoint and jwtRequestFilter are injected fields of that class.
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // CORS enabled, CSRF disabled (token-based API without a browser session)
        .cors()
            .and()
        .csrf().disable()
        // no HTTP session: every request must carry its own token
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        // unauthenticated requests are answered by the JWT entry point
        .exceptionHandling()
            .authenticationEntryPoint(jwtAuthenticationEntryPoint)
            .and()
        .authorizeRequests()
            // note: the Ant pattern "/auth/login/" (trailing slash) does not match
            // the path "/auth/login" that the POST above is sent to
            .antMatchers(HttpMethod.POST, "/auth/login/").permitAll()
            .antMatchers(HttpMethod.POST, "/public/user/links").permitAll()
            .anyRequest().authenticated()
            .and()
        // run the JWT filter before form-login processing
        .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}

This issue was fixed after lots of trials:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import reactor.core.publisher.Mono;

// Reactive-stack (WebFlux) configuration, which is the stack Spring Cloud Gateway runs on.
// AuthenticationManager, SecurityContextRepository and JwtWebFilter are this project's own
// classes (a ReactiveAuthenticationManager, a ServerSecurityContextRepository and a WebFilter);
// their imports depend on the project's package.
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebSecurityConfig {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private SecurityContextRepository securityContextRepository;

    @Autowired
    private JwtWebFilter jwtWebFilter;

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http
            .exceptionHandling()
            // unauthenticated request: plain 401, no redirect to a login page
            .authenticationEntryPoint((swe, e) -> {
                return Mono.fromRunnable(() -> {
                    swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
                });
            // authenticated but not authorized: plain 403
            }).accessDeniedHandler((swe, e) -> {
                return Mono.fromRunnable(() -> {
                    swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
                });
            }).and()
            // CSRF off for the token-based API; this is the reactive CsrfWebFilter
            // that produced the error message above
            .csrf().disable()
            .authenticationManager(authenticationManager)
            .securityContextRepository(securityContextRepository)
            .authorizeExchange()
            .pathMatchers("/auth/login").permitAll()
            .anyExchange().authenticated()
            // the JWT filter runs ahead of Spring Security's own filters
            .and().addFilterAfter(jwtWebFilter, SecurityWebFiltersOrder.FIRST)
            .build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

It is working fine with the Gateway service, but not with the downstream service. The filter is not called for the other Eureka clients. Can anyone help?
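The message in the question is produced by Spring Security's reactive CsrfWebFilter, which is why only a SecurityWebFilterChain like the one above takes effect on the gateway: Spring Cloud Gateway runs on WebFlux, and a servlet configure(HttpSecurity) is never consulted there. The same reasoning applies to the last point: a WebFilter registered in the gateway's chain runs in the gateway process only, so each downstream service that must validate the token needs its own SecurityWebFilterChain that registers such a filter. The following JwtWebFilter is an added example to show what that filter looks like on the reactive stack; it is not the question's own JwtWebFilter and not Spring Security code. It assumes an HS256 shared secret bound from a hypothetical jwt.secret property, grants ROLE_USER to every valid subject, and uses Jackson, which spring-boot-starter-webflux already provides.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.List;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

// Added example: a reactive (WebFlux) JWT filter that fits the addFilterAfter(...) call in
// the configuration above. Not the question's JwtWebFilter and not Spring Security code.
@Component
public class JwtWebFilter implements WebFilter {

    private static final String BEARER = "Bearer ";
    private final byte[] secret;                             // HS256 shared secret (assumption)
    private final ObjectMapper mapper = new ObjectMapper();  // Jackson ships with WebFlux

    // "jwt.secret" is a hypothetical property name; bind the key however the project does.
    public JwtWebFilter(@Value("${jwt.secret}") String secret) {
        this.secret = secret.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        String header = exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.startsWith(BEARER)) {
            // No credential: continue anonymously; authorizeExchange() still rejects
            // protected paths (401 via the entry point) and /auth/login stays reachable.
            return chain.filter(exchange);
        }
        Authentication auth = verify(header.substring(BEARER.length()));
        if (auth == null) {
            // A token was presented but failed validation: fail closed with 401
            // instead of letting the request fall through as anonymous.
            exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
            return exchange.getResponse().setComplete();
        }
        // Publish the authentication in the Reactor context so that
        // ReactiveSecurityContextHolder and the authorization rules see it.
        return chain.filter(exchange)
                .contextWrite(ReactiveSecurityContextHolder.withAuthentication(auth));
    }

    /** Validates an HS256 token; returns the authentication, or null on any failure. */
    Authentication verify(String token) {
        try {
            String[] parts = token.split("\\.");
            if (parts.length != 3) {
                return null;
            }
            Base64.Decoder b64 = Base64.getUrlDecoder();
            JsonNode header = mapper.readTree(b64.decode(parts[0]));
            // Pin the algorithm: the verifier is never chosen from the token's own "alg".
            if (!"HS256".equals(header.path("alg").asText())) {
                return null;
            }
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            byte[] expected = mac.doFinal(
                    (parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            // Constant-time comparison so the signature check does not leak timing.
            if (!MessageDigest.isEqual(expected, b64.decode(parts[2]))) {
                return null;
            }
            JsonNode claims = mapper.readTree(b64.decode(parts[1]));
            // Require an expiry claim and reject expired tokens.
            if (!claims.hasNonNull("exp")
                    || claims.get("exp").asLong() <= Instant.now().getEpochSecond()) {
                return null;
            }
            String subject = claims.path("sub").asText(null);
            if (subject == null) {
                return null;
            }
            // Every valid subject gets ROLE_USER here (assumption; map real claims instead).
            return new UsernamePasswordAuthenticationToken(
                    subject, null, List.of(new SimpleGrantedAuthority("ROLE_USER")));
        } catch (Exception e) {
            // Malformed base64/JSON or a bad key is treated as an invalid token.
            return null;
        }
    }
}
```

Register the bean in the SecurityWebFilterChain of every service that must check tokens, exactly as the gateway configuration above does with addFilterAfter(jwtWebFilter, SecurityWebFiltersOrder.FIRST). Because the filter writes the authentication into the Reactor context before Spring Security's own ReactorContextWebFilter runs, that filter keeps the context that is already present rather than replacing it, so the anyExchange().authenticated() rule passes for a valid token and a request without one still ends at the 401 entry point.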

