我有以下服务:
尤里卡服务器
身份验证服务器
- Spring网关
- 这将把登录请求传递给登录服务
- 所有其他请求都将通过身份验证(使用jwt令牌和密钥(并传递给其他服务
登录服务
- 验证登录并发布jwt令牌
下面是我的配置。流甚至没有到达这个代码。。
@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class SecurityConfig {
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfig.class);
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private SecurityContextRepository securityContextRepository;
@Bean(value="org.springframework.security.config.annotation.web.reactive.WebFluxSecurityConfiguration.WebFilterChainFilter")
public SecurityWebFilterChain springSecurityWebFilterChainFilter(ServerHttpSecurity http) {
LOGGER.info("In the securiry config..................");
return http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint((swe, e) -> {
return Mono.fromRunnable(() -> {
swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
});
}).accessDeniedHandler((swe, e) -> {
return Mono.fromRunnable(() -> {
swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
});
})
.and()
.authenticationManager(authenticationManager)
.securityContextRepository(securityContextRepository)
.authorizeExchange()
.pathMatchers(HttpMethod.OPTIONS).permitAll()
.pathMatchers("/login-service/api/login").permitAll()
.anyExchange().authenticated()
.and().build();
}
}
我总是得到403和An expected CSRF token cannot be found这个错误,即使我已经禁用了csrf。有人能帮上忙吗?
您是否尝试添加您的角色:
.authorizeExchange()
.pathMatchers("/login-service/api/login").hasAuthority("ROLE_ADMIN")
.anyExchange().authenticated()
.and().build();