Client fails to start after spring-security is configured on the registry

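After security was configured on the registry, clients failed with the error "registration failed Cannot execute request on any known server". The cause is that security in version 2.1 enables CSRF interception by default, so the configure method has to be overridden to disable CSRF interception.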

Adding the following code to the startup class (it disables CSRF) solves the problem:

@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .httpBasic();
    }
}

The complete code is as follows:

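import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author 毛宇鹏
 */
@EnableEurekaServer
@SpringBootApplication(exclude={
        DataSourceAutoConfiguration.class,
        HibernateJpaAutoConfiguration.class
})
public class RegisterApplication {
    public static void main(String[] args) {
        SpringApplication.run(RegisterApplication.class, args);
    }

    /**
     * Security in version 2.1 enables CSRF interception by default, so the method is overridden to disable CSRF interception.
     * Reference: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754
     * <pre>
     *     This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath.
     *     This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity.
     *     One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection.
     *     This can be done by adding the following configuration to your app.
     * </pre>
     */
    @EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Disables CSRF for every path, including the browser-facing dashboard.
            http.csrf().disable()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .httpBasic();
        }
    }
}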
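
The GitHub comment quoted in the code above notes that disabling CSRF entirely is not the most secure workaround when browsers use the Eureka dashboard. A narrower variant, as an added example that is not part of the original post: exempt only the REST paths that Eureka clients call and keep CSRF protection everywhere else. The class name ScopedCsrfSecurityConfig is hypothetical, and the example assumes Spring Security 5.x (as shipped with Spring Boot 2.1) and the default Eureka path prefix /eureka/.

```java
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical replacement for the WebSecurityConfig inner class shown above.
@EnableWebSecurity
class ScopedCsrfSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Eureka clients register, renew and cancel with POST/PUT/DELETE
            // and send no CSRF token, so exempt only those paths.
            // Assumption: the registry serves its REST API under /eureka/**.
            .csrf().ignoringAntMatchers("/eureka/**")
            .and()
            // Everything, including the dashboard, still requires authentication,
            // and state-changing browser requests outside /eureka/** still need a CSRF token.
            .authorizeRequests()
            .anyRequest().authenticated()
            .and()
            .httpBasic();
    }
}
```

Use either this class or the original WebSecurityConfig, not both, since each one is a complete security configuration for the registry.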