Unable to call the /encrypt endpoint with Spring Cloud + boot in v2.0.X
Problem description
I was using the Spring Cloud and Security example. In this example, I was using Spring Boot version 1.4.1.RELEASE. Spring Boot parent version to 2.0.4.RELEASE. The moment I updated the dependency, the following endpoint started breaking.
I already went through Spring Cloud Config - Encrypt Password and the documentation http://cloud.spring.io/spring-cloud-static/Finchley.RELEASE/single/spring-cloud.html, but I am not sure why I am getting the forbidden error.
I tried using CURL and POSTMAN, and get the forbidden error.
C:\Users\pc>curl localhost:8888/encrypt -d connectionstring=server123;user=root;password@word1
{"timestamp":"2018-09-01T12:53:17.382+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/encrypt"}
C:\Users\pc>
NOTE: My server is running fine on port 8888 and the JCE files are already added.
POST : http://localhost:8888/encrypt
The code I used is below.
pom.xml
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.0.4.RELEASE</version>
    <relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
    <spring-cloud.version>Finchley.SR1</spring-cloud.version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-config-server</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>${spring-cloud.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
application.yml
---
server:
  port: 8888
spring:
  cloud:
    config:
      server:
        git:
          uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls
          search-paths:
            - 'station*'
          repos:
            perf:
              pattern:
                - "*/perf"
              uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
              search-paths:
                - 'station*'
# Enable security for Basic Auth
security:
  user:
    name: ABC_123
    password: ABC##123
bootstrap.properties
encrypt.key=ABCDEFGHIJKLMNOPQRSTUVWXYZ
WebSecurityConfig.java
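import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Only "/" is opened up; CSRF protection stays at its default (enabled)
        http.authorizeRequests().antMatchers("/").permitAll();
    }
}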
Project structure:
The problem is that Spring Security enables csrf protection by default. You can read here for more information.
Simply disabling csrf protection will help /encrypt to be accessible again.
http.csrf().disable()
    .authorizeRequests().mvcMatchers(HttpMethod.POST, "/encrypt/**")
    .permitAll();
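A narrower variant of the fix above, as an added example that is not part of the original answer: it exempts only the config server's /encrypt and /decrypt endpoints from the CSRF token check and keeps every request behind HTTP Basic, rather than disabling CSRF globally and opening /encrypt to anonymous callers. Requiring authentication here is a choice made for this example, and it assumes the Basic credentials are set under spring.security.user.*, which is where Spring Boot 2.x reads them.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Skip the CSRF token check only for the non-browser crypto
            // endpoints; all other paths keep the default CSRF protection.
            .csrf()
                .ignoringAntMatchers("/encrypt/**", "/decrypt/**")
                .and()
            // Every request, including POST /encrypt, must be authenticated,
            // so the endpoint cannot be used anonymously as an encryption oracle.
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            // Credentials are sent per request by curl/Postman via HTTP Basic.
            .httpBasic();
    }
}
```

With this configuration the call from the question needs credentials, for example by adding `-u <user>:<password>` to the curl command; a request without them gets 401 instead of the 403 caused by the missing CSRF token.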