
Security configuration issues migrating from Zuul to Spring Cloud Gateway

kundan asked 2 weeks ago

I am trying to migrate my fully functional Zuul microservice to Spring Cloud Gateway and am receiving the following response when issuing requests through the gateway:

HTTP/1.1 403 Forbidden
Server: xxxxxxxxxxxx
Date: Mon, 11 Mar 2019 15:31:15 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Content-Encoding: gzip

CSRF Token has been associated to this client

Following is my Spring Cloud Gateway security configuration:

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@EnableWebFluxSecurity
public class SecurityConfiguration {

  @Bean
  SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity serverHttpSecurity)
      throws Exception {
    return serverHttpSecurity.csrf().disable().authorizeExchange().pathMatchers("/**").permitAll()
        .and().build();
  }

}

Here’s the configuration that works with Zuul:

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(final HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests().antMatchers("/**").permitAll().and().csrf().disable();
  }
}

I have CSRF protection disabled in my Spring Cloud Gateway security configuration, so why am I receiving the 403 with the "CSRF Token has been associated to this client" response?

I am on Spring Cloud Finchley.SR3/Spring Boot 2.0.8.RELEASE.

1 Answers
Best Answer
Jyoti answered 2 weeks ago