Question
I was using the Spring Cloud and Security example. In this example, I was using Spring Boot version 1.4.1.RELEASE. I updated the Spring Boot parent version to 2.0.4.RELEASE. The moment I updated the dependency, the following endpoint started breaking.
I already went through Spring Cloud Config - Encrypt Password and the documentation at http://cloud.spring.io/spring-cloud-static/Finchley.RELEASE/single/spring-cloud.html, but I am not sure why I am getting the forbidden error.
I tried using curl and Postman and get the forbidden error.
C:\Users\pc>curl localhost:8888/encrypt -d connectionstring=server123;user=root;password@word1
{"timestamp":"2018-09-01T12:53:17.382+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/encrypt"}
C:\Users\pc>
NOTE: My server is running fine on port 8888 and the JCE files are already added.
POST : http://localhost:8888/encrypt
The code I used is below.
pom.xml
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.0.4.RELEASE</version>
    <relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
    <spring-cloud.version>Finchley.SR1</spring-cloud.version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-config-server</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>${spring-cloud.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
application.yml
---
server:
  port: 8888
spring:
  cloud:
    config:
      server:
        git:
          uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls
          search-paths:
            - 'station*'
          repos:
            perf:
              pattern:
                - "*/perf"
              uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
              search-paths:
                - 'station*'
# Enable security for Basic Auth
security:
  user:
    name: ABC_123
    password: ABC##123
bootstrap.properties
encrypt.key=ABCDEFGHIJKLMNOPQRSTUVWXYZ
WebSecurityConfig.java
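import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/").permitAll();
    }
}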
Answer 1:
The problem is that Spring Security enables CSRF protection by default. You can read here for more information.
Simply disabling CSRF protection will make /encrypt accessible again.
http.csrf().disable()
    .authorizeRequests().mvcMatchers(HttpMethod.POST, "/encrypt/**")
    .permitAll();
Source: https://stackoverflow.com/questions/52128302/unable-to-call-the-encrypt-endpoint-with-spring-cloud-boot-in-v2-0-x
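A narrower alternative to the answer's global `csrf().disable()` with `permitAll()`, shown as an added example that is not part of the original question or answer: it exempts only the config server's crypto endpoints from CSRF checks and keeps them behind HTTP Basic authentication. The class name `ScopedCsrfSecurityConfig` is hypothetical, and the code assumes the Spring Security 5.0.x API that Spring Boot 2.0.4.RELEASE brings in and non-browser clients such as curl or Postman.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; added example, not code from the question or answer.
@Configuration
@EnableWebSecurity
public class ScopedCsrfSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Exempt only the crypto endpoints from CSRF token checks;
            // every other state-changing request still requires a token.
            .csrf()
                .ignoringAntMatchers("/encrypt/**", "/decrypt/**")
                .and()
            // Require an authenticated user everywhere, including /encrypt
            // and /decrypt, instead of opening them with permitAll().
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            // Non-browser clients authenticate on each request with HTTP Basic.
            // In Spring Boot 2.x the default user is read from
            // spring.security.user.name / spring.security.user.password.
            .httpBasic();
    }
}
```

With this configuration the curl call from the question has to pass the configured credentials with `-u`; an unauthenticated POST to /encrypt gets 401 rather than an encrypted value.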