在 v2.0.X 中无法使用 Spring Cloud + boot 调用/encrypt 端点 [英] Unable to call the /encrypt endpoint with Spring Cloud + boot in v2.0.X

问题描述

我使用的是 Spring Cloud and Security 示例.在这个例子中，我使用的是 Spring Boot 版本 1.4.1.RELEASE.Spring Boot 父版本到 2.0.4.RELASE.我在端点之后更新依赖项的那一刻开始中断.

我已经阅读了

我在下面使用的代码

pom.xml

<groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.0.4.RELEASE</version><相对路径/><!-- 从存储库中查找父级 --></父母><属性><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding><java.version>1.8</java.version><spring-cloud.version>Finchley.SR1</spring-cloud.version></属性><依赖项><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-actuator</artifactId></依赖><依赖><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-config-server</artifactId></依赖><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></依赖><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><范围>测试</范围></依赖></依赖项><依赖管理><依赖项><依赖><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-dependencies</artifactId><version>${spring-cloud.version}</version><type>pom</type><范围>导入</范围></依赖></依赖项></dependencyManagement>

application.yml

---服务器:端口:8888弹簧:云:配置:服务器:吉特:uri:https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls搜索路径:- '站*'回购:性能:模式:- "*/perf"uri : https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf搜索路径:- '站*'# 启用基本身份验证的安全性安全:用户:名称:ABC_123密码:ABC##123

bootstrap.properties

encrypt.key=ABCDEFGHIJKLMNOPQRSTUVWXYZ

WebSecurityConfig.java

@EnableWebSecurity@配置公共类 WebSecurityConfig 扩展了 WebSecurityConfigurerAdapter{@覆盖protected void configure(HttpSecurity http) 抛出异常{http.authorizeRequests().antMatchers("/").permitAll();}}

项目结构:

解决方案

问题是 Spring Security 默认启用 csrf 保护.您可以在此处阅读更多信息.

简单地禁用 csrf 保护将有助于/encrypt 再次被访问.

http.csrf().disable().authorizeRequests().mvcMatchers(HttpMethod.POST, "/encrypt/**").permitAll();

I was using the Spring Cloud and Security example. In this example, I was using Spring Boot version 1.4.1.RELEASE. Spring Boot parent version to 2.0.4.RELASE. The moment I updated the dependency following endpoint started breaking.

I already went through Spring Cloud Config - Encrypt Password and documentation http://cloud.spring.io/spring-cloud-static/Finchley.RELEASE/single/spring-cloud.html, but not sure why I am getting forbiddeb error.

I tried using CURL and POSTMAN, get the forbidden error.

C:\Users\pc>curl localhost:8888/encrypt -d connectionstring=server123;user=root;password@word1 {"timestamp":"2018-09-01T12:53:17.382+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/encrypt"} C:\Users\pc>

NOTE: My Server running on port 8888 fine & JCE files are added already

POST : http://localhost:8888/encrypt

The code I used below

pom.xml

<parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.4.RELEASE</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <spring-cloud.version>Finchley.SR1</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

application.yml

---

server:
  port: 8888


spring:
  cloud:
    config:
      server:
        git:
          uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls

          search-paths:
          - 'station*'
          repos:
            perf: 
              pattern:
              - "*/perf"
              uri : https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
              search-paths :
              - 'station*'

# Enable security for Basic Auth
  security:
    user:
      name: ABC_123
      password: ABC##123

bootstrap.properties

encrypt.key=ABCDEFGHIJKLMNOPQRSTUVWXYZ

WebSecurityConfig.java

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests().antMatchers("/").permitAll();
    }
}

Project structure:

解决方案

The problem is that Spring Security enables csrf protection by default. You can read here for more information.

Simply disable csrf protection will help /encrypt to be accessible again.

http.csrf().disable()
            .authorizeRequests().mvcMatchers(HttpMethod.POST, "/encrypt/**")
            .permitAll();

这篇关于在 v2.0.X 中无法使用 Spring Cloud + boot 调用/encrypt 端点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！