註冊中心配置了spring security後客戶端啓動報錯

註冊中心配置了security後, 報了 registration failed Cannot execute request on any known server 的錯誤, 緣由是 2.1版本的security默認加上了 csrf 攔截, 因此須要經過重寫方法, 把csrf攔截禁用

在啓動類上加上如下代碼(禁用csrf)即解決問題

@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
        .authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()
        .httpBasic();
    }
}

完整代碼以下:

/**
 * @author 毛宇鵬
 */
@EnableEurekaServer
@SpringBootApplication(exclude={
        DataSourceAutoConfiguration.class,
        HibernateJpaAutoConfiguration.class
})
public class RegisterApplication {

    public static void main(String[] args) {
        SpringApplication.run(RegisterApplication.class, args);
    }

    /**
     * 2.1版本的security默認加上了 csrf 攔截, 因此須要經過重寫方法, 把csrf攔截禁用
     * 參考: https://github.com/spring-cloud/spring-cloud-netflix/issues/2754
     * <pre>
     *     This is because @EnableWebSecurity is now added by default when Spring Security is on the classpath.
     *     This enable CSRF protection by default. You will have the same problem in 1.5.10 if you add @EnableWebSecurity.
     *     One work around, which is not the most secure workaround if you have browsers using the Eureka dashboard, is to disable CSRF protection.
     *     This can be done by adding the following configuration to your app.
     * </pre>
     */
    @EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .httpBasic();
        }
    }
}