spring config server禁止加密
作者:互联网
我已经配置了一个spring cloud config server来使用oAuth2来保证安全性.除加密终点外,一切运行良好.当我尝试访问/加密时,我得到403 Forbidden.我在标题中包含授权承载令牌.有没有办法允许在使用oAuth保护服务器时调用加密端点,或者它是否始终被阻止?如果您想查看此服务器的任何配置文件,请告诉我.
仅供参考,以下是有效的方法.
>调用/加密/状态产生{“状态”:“确定”}
>正在拉取git存储库,因为我可以从服务器访问属性文件.
> oAuth身份验证正在与Google合作,因为它会引导我完成登录过程.
这是弹簧安全设置.
security:
require-ssl: true
auth2:
client:
clientId: PROVIDED BY GOOGLE
clientSecret: PROVIDED BY GOOGLE
accessTokenUri: https://www.googleapis.com/oauth2/v4/token
userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
scope:
- openid
- email
- profile
resource:
userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
preferTokenInfo: true
server:
port: 8443
ssl:
key-store-type: PKCS12
key-store: /spring-config-server/host/tomcat-keystore.p12
key-alias: tomcat
key-store-password: ${KEYSTORE_PASSWORD}
这是我从POM文件中的依赖项,因此您可以看到我正在使用的库的版本.
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/>
<!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.M8</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-security</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
解决方法:
我解决了它实现这个WebSecurityConfigurer.它禁用CSRF并设置基本身份验证.在Spring Boot 2.0.0中,您无法使用强制您实现Java安全配置Bean的属性来禁用CSRF.
package my.package.config.server;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.anyRequest().authenticated().and()
.httpBasic();
;
}
}
希望能帮助到你
标签:spring,spring-cloud-config 来源: https://codeday.me/bug/20190717/1486385.html