Spring Cloud Gateway POST Forbidden

Problem description

I have a resource service behind a Cloud Gateway route with a RelayToken filter:

      routes:
        - id: apis
          uri: http://rest-app:8080/apis
          predicates:
            - Path=/apis/**
          filters:
            - TokenRelay=

GET requests work fine, but on POSTs I get 403 Forbidden with a response body containing "CSRF Token has been associated to this client". I've tried to disable CSRF protection by adding a Bean:

@Bean
fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    return http.csrf().disable().cors().disable().build()
}

But this has no effect and I still get 403. Moreover, I cannot debug exactly which filter prevents the client from doing POST requests; the only logging information I get with

logging:
  level:
    root: INFO
    org.springframework.web: TRACE
    org.springframework.security: TRACE
    org.springframework.security.oauth2: TRACE
    org.springframework.cloud.gateway: TRACE
    org.springframework.security.jwt: TRACE

is just a couple of lines saying POST was forbidden:

[2020-04-01 13:21:32,635] TRACE o.s.w.s.a.HttpWebHandlerAdapter  - [58a0e540-10] HTTP POST "/apis/", headers={masked} 
[2020-04-01 13:21:32,640] TRACE o.s.w.s.a.HttpWebHandlerAdapter  - [58a0e540-10] Completed 403 FORBIDDEN, headers={masked} 
[2020-04-01 13:21:32,640] TRACE o.s.h.s.r.ReactorHttpHandlerAdapter  - [58a0e540-10] Handling completed 

How do I correctly turn CSRF off?

Recommended answer

Correct SecurityWebFilterChain that solved my problem:

@Bean
fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    return http
        .authorizeExchange().anyExchange().authenticated()
        .and()
        .oauth2Login()
        .and()
        .csrf().disable()
        .build()
}
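
An alternative to disabling CSRF outright, as an added example that is not part of the original answer: `oauth2Login()` authenticates the browser through a session cookie at the gateway, so CSRF protection can stay on if the token is published in a cookie that the client echoes back in a header. It assumes the Spring Security 5.x DSL used above and a client that copies the `XSRF-TOKEN` cookie into the `X-XSRF-TOKEN` header on POST; the names `GatewaySecurityConfig` and `csrfCookieWebFilter` are hypothetical.

```kotlin
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.web.server.SecurityWebFilterChain
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
import org.springframework.security.web.server.csrf.CsrfToken
import org.springframework.web.server.WebFilter
import reactor.core.publisher.Mono

// Hypothetical configuration class; not taken from the question or the answer.
@Configuration
@EnableWebFluxSecurity
class GatewaySecurityConfig {

    @Bean
    fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
        return http
            .authorizeExchange().anyExchange().authenticated()
            .and()
            .oauth2Login()
            .and()
            // CSRF stays enabled. The token is stored in the XSRF-TOKEN cookie,
            // readable by client-side script (HttpOnly=false), and is expected
            // back in the X-XSRF-TOKEN request header on state-changing requests.
            .csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .build()
    }

    // In WebFlux the CSRF token is created lazily: the cookie is only written
    // once something subscribes to the Mono<CsrfToken> exchange attribute.
    // This filter subscribes on every request so the client always has a token.
    @Bean
    fun csrfCookieWebFilter(): WebFilter = WebFilter { exchange, chain ->
        val token: Mono<CsrfToken>? = exchange.getAttribute(CsrfToken::class.java.name)
        (token ?: Mono.empty()).then(chain.filter(exchange))
    }
}
```

With this in place, a POST without a matching `X-XSRF-TOKEN` header is still answered with 403 by the gateway, while a GET first delivers the cookie the client needs.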
