Giter Site home page Giter Site logo

Comments (10)

fusi0011 avatar fusi0011 commented on July 3, 2024 2

在启动类上加上以下代码(禁用csrf)即解决问题

@EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
        }
    }

最终如下

/**
 * @author 毛宇鹏
 */
@EnableEurekaServer
@SpringBootApplication(exclude={
        DataSourceAutoConfiguration.class,
        HibernateJpaAutoConfiguration.class
})
public class RegisterApplication {

    public static void main(String[] args) {
        SpringApplication.run(RegisterApplication.class, args);
    }

    /**
     * 2.1版本的security默认加上了 csrf 拦截, 所以需要通过重写方法, 把csrf拦截禁用
     * 参考: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754
     * <pre>
     *     This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath.
     *     This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity.
     *     One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection.
     *     This can be done by adding the following configuration to your app.
     * </pre>
     */
    @EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
        }
    }
}

正确是这样, 要不然直接取消密码认证了

http.csrf().disable().authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()
        .httpBasic();

from spring-cloud.

hongtu1993 avatar hongtu1993 commented on July 3, 2024 1

在启动类上加上以下代码(禁用csrf)即解决问题

@EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
        }
    }

最终如下

/**
 * @author 毛宇鹏
 */
@EnableEurekaServer
@SpringBootApplication(exclude={
        DataSourceAutoConfiguration.class,
        HibernateJpaAutoConfiguration.class
})
public class RegisterApplication {

    public static void main(String[] args) {
        SpringApplication.run(RegisterApplication.class, args);
    }

    /**
     * 2.1版本的security默认加上了 csrf 拦截, 所以需要通过重写方法, 把csrf拦截禁用
     * 参考: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754
     * <pre>
     *     This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath.
     *     This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity.
     *     One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection.
     *     This can be done by adding the following configuration to your app.
     * </pre>
     */
    @EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
        }
    }
}

from spring-cloud.

yinjihuan avatar yinjihuan commented on July 3, 2024

认证信息配置了吗

from spring-cloud.

Bangic avatar Bangic commented on July 3, 2024

Server:

server.port=8082
spring.security.basic.enabled=true
spring.security.user.name=eureka-user
spring.security.user.password=eureka-pass
eureka.instance.hostname=localhost

eureka.client.register-with-eureka=false
eureka.client.fetch-registry=false
Client:
server.port=8083
eureka.client.region = default
eureka.client.registryFetchIntervalSeconds = 5
eureka.client.serviceUrl.defaultZone=http://eureka-user:eureka-pass@localhost:8082/eureka/

以上配置

报错如下:
com.netflix.discovery.DiscoveryClient : DiscoveryClient_UNKNOWN/localhost:8083 - registration failed Cannot execute request on any known server

不加security是ok的

from spring-cloud.

Bangic avatar Bangic commented on July 3, 2024

spring-cloud/spring-cloud-netflix#2754 解决了~

from spring-cloud.

yinjihuan avatar yinjihuan commented on July 3, 2024

哈哈,版本升级还是有坑啊

from spring-cloud.

yinjihuan avatar yinjihuan commented on July 3, 2024

是的,需要自定义配置,我仓库中有一个monkey的有示例代码

from spring-cloud.

Sleepingbug avatar Sleepingbug commented on July 3, 2024

在启动类上加上以下代码(禁用csrf)即解决问题

@EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
        }
    }

最终如下

/**
 * @author 毛宇鹏
 */
@EnableEurekaServer
@SpringBootApplication(exclude={
        DataSourceAutoConfiguration.class,
        HibernateJpaAutoConfiguration.class
})
public class RegisterApplication {

    public static void main(String[] args) {
        SpringApplication.run(RegisterApplication.class, args);
    }

    /**
     * 2.1版本的security默认加上了 csrf 拦截, 所以需要通过重写方法, 把csrf拦截禁用
     * 参考: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754
     * <pre>
     *     This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath.
     *     This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity.
     *     One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection.
     *     This can be done by adding the following configuration to your app.
     * </pre>
     */
    @EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
        }
    }
}

正确是这样, 要不然直接取消密码认证了

http.csrf().disable().authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()
        .httpBasic();

验证过了,这位大哥的做法才是正确的,我找了半天才找到这里,多谢

from spring-cloud.

yongqilei avatar yongqilei commented on July 3, 2024

楼主,请问必须要在启动类里面添加这个才会生效吗?
Spring Boot Version:2.1.3.RELEASE
Spring Cloud:Greenwich.RELEASE

我将这一段代码配置配置在启动类以外的新建的包,结果不行,其他服务注册不上。
是因为需要将这一段代码配置放到启动类里面吗?

Spring Boot更新版本真的有点坑了,需要注意的太多,就因为这些配置问题,源码都看了不少,然后就这一个eureka server安全验证的问题,搞了我一个月了。
如果有时间的话,楼主可以帮我看看吗?我实在是解决不了了,花费太多时间

from spring-cloud.

yinjihuan avatar yinjihuan commented on July 3, 2024

2.1.3的我没试过,这个太新了,放其他包也是可以的吧,只要能被spring扫描到

from spring-cloud.

Related Issues (11)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.