注册中心配置了spring security后客户端启动报错
注册中心配置了security后, 报了 registration failed Cannot execute request on any known server
的错误, 原因是 2.1版本的security默认加上了 csrf 拦截, 所以需要通过重写方法, 把csrf拦截禁用
在启动类上加上以下代码(禁用csrf)即解决问题
@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
}
完整代码如下:
/**
* @author 毛宇鹏
*/
@EnableEurekaServer
@SpringBootApplication(exclude={
DataSourceAutoConfiguration.class,
HibernateJpaAutoConfiguration.class
})
public class RegisterApplication {
public static void main(String[] args) {
SpringApplication.run(RegisterApplication.class, args);
}
/**
* 2.1版本的security默认加上了 csrf 拦截, 所以需要通过重写方法, 把csrf拦截禁用
* 参考: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754
*
* This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath.
* This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity.
* One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection.
* This can be done by adding the following configuration to your app.
*
*/
@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
}
}