Comments (10)
在启动类上加上以下代码(禁用csrf)即解决问题
@EnableWebSecurity static class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); } }最终如下
/** * @author 毛宇鹏 */ @EnableEurekaServer @SpringBootApplication(exclude={ DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class }) public class RegisterApplication { public static void main(String[] args) { SpringApplication.run(RegisterApplication.class, args); } /** * 2.1版本的security默认加上了 csrf 拦截, 所以需要通过重写方法, 把csrf拦截禁用 * 参考: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754 * <pre> * This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath. * This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity. * One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection. * This can be done by adding the following configuration to your app. * </pre> */ @EnableWebSecurity static class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); } } }
正确是这样, 要不然直接取消密码认证了
http.csrf().disable().authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
from spring-cloud.
在启动类上加上以下代码(禁用csrf)即解决问题
@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
}
最终如下
/**
* @author 毛宇鹏
*/
@EnableEurekaServer
@SpringBootApplication(exclude={
DataSourceAutoConfiguration.class,
HibernateJpaAutoConfiguration.class
})
public class RegisterApplication {
public static void main(String[] args) {
SpringApplication.run(RegisterApplication.class, args);
}
/**
* 2.1版本的security默认加上了 csrf 拦截, 所以需要通过重写方法, 把csrf拦截禁用
* 参考: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754
* <pre>
* This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath.
* This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity.
* One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection.
* This can be done by adding the following configuration to your app.
* </pre>
*/
@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
}
}
from spring-cloud.
认证信息配置了吗
from spring-cloud.
Server:
server.port=8082
spring.security.basic.enabled=true
spring.security.user.name=eureka-user
spring.security.user.password=eureka-pass
eureka.instance.hostname=localhost
eureka.client.register-with-eureka=false
eureka.client.fetch-registry=false
Client:
server.port=8083
eureka.client.region = default
eureka.client.registryFetchIntervalSeconds = 5
eureka.client.serviceUrl.defaultZone=http://eureka-user:eureka-pass@localhost:8082/eureka/
以上配置
报错如下:
com.netflix.discovery.DiscoveryClient : DiscoveryClient_UNKNOWN/localhost:8083 - registration failed Cannot execute request on any known server
不加security是ok的
from spring-cloud.
spring-cloud/spring-cloud-netflix#2754 解决了~
from spring-cloud.
哈哈,版本升级还是有坑啊
from spring-cloud.
是的,需要自定义配置,我仓库中有一个monkey的有示例代码
from spring-cloud.
在启动类上加上以下代码(禁用csrf)即解决问题
@EnableWebSecurity static class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); } }最终如下
/** * @author 毛宇鹏 */ @EnableEurekaServer @SpringBootApplication(exclude={ DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class }) public class RegisterApplication { public static void main(String[] args) { SpringApplication.run(RegisterApplication.class, args); } /** * 2.1版本的security默认加上了 csrf 拦截, 所以需要通过重写方法, 把csrf拦截禁用 * 参考: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754 * <pre> * This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath. * This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity. * One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection. * This can be done by adding the following configuration to your app. * </pre> */ @EnableWebSecurity static class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); } } }正确是这样, 要不然直接取消密码认证了
http.csrf().disable().authorizeRequests() .anyRequest() .authenticated() .and() .httpBasic();
验证过了,这位大哥的做法才是正确的,我找了半天才找到这里,多谢
from spring-cloud.
楼主,请问必须要在启动类里面添加这个才会生效吗?
Spring Boot Version:2.1.3.RELEASE
Spring Cloud:Greenwich.RELEASE
我将这一段代码配置配置在启动类以外的新建的包,结果不行,其他服务注册不上。
是因为需要将这一段代码配置放到启动类里面吗?
Spring Boot更新版本真的有点坑了,需要注意的太多,就因为这些配置问题,源码都看了不少,然后就这一个eureka server安全验证的问题,搞了我一个月了。
如果有时间的话,楼主可以帮我看看吗?我实在是解决不了了,花费太多时间
from spring-cloud.
2.1.3的我没试过,这个太新了,放其他包也是可以的吧,只要能被spring扫描到
from spring-cloud.
Related Issues (11)
- restTemplate报错:No instances available for localhost HOT 2
- zuul 报403非法请求 HOT 1
- spring cloud gateway 中 如何使用示例断言
- 找不到依赖 HOT 2
- 服务安全方案 HOT 4
- cxytiandi-jdbc在哪下载? HOT 2
- 《Spring Cloud微服务》入门,实战与进阶,第2章的源码spring-boot-starter-demo问题 HOT 1
- 注释错误
- spring cluod gateway HOT 1
- 从配置获取就不用在配置类中设值了吧 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-cloud.