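Security configuration problem migrating from Zuul to Spring Cloud Gateway

Time: 2019-03-11 15:34:42

Tags: spring-cloud-gateway

I am trying to migrate a fully functional Zuul microservice to Spring Cloud Gateway, and I receive the following response when making requests through the gateway: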

HTTP/1.1 403 Forbidden
Server: xxxxxxxxxxxx
Date: Mon, 11 Mar 2019 15:31:15 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Content-Encoding: gzip

CSRF Token has been associated to this client

The following is my Spring Cloud Gateway security configuration:

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@EnableWebFluxSecurity
public class SecurityConfiguration {

  @Bean
  SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity serverHttpSecurity)
      throws Exception {
    return serverHttpSecurity.csrf().disable().authorizeExchange().pathMatchers("/**").permitAll()
        .and().build();
  }

}

The following is the configuration that works with Zuul:

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(final HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests().antMatchers("/**").permitAll().and().csrf().disable();
  }
}

I disabled CSRF protection in the Spring Cloud Gateway security configuration, so why am I receiving a 403 with the response "CSRF Token has been associated to this client"?

I am on Spring Cloud Finchley.SR3 / Spring Boot 2.0.8.RELEASE.

0 answers:

No answers