spring-cloud/spring-cloud-netflix

Eureka Register Invalid CSRF token found

weiro-9-w7 opened this issue · 3 comments

Describe the bug
Please provide details of the problem, including the version of Spring Cloud that you
are using.

<spring-cloud.version>2023.0.3</spring-cloud.version>

Sample
If possible, please provide a test case or sample application that reproduces
the problem. This makes it much easier for us to diagnose the problem and to verify that
we have fixed it.

Eureka Server Config:

spring:
  application:
    name: spring-eureka-demo
  security:
    user:
      name: admin
      password: admin

server:
  port: 3000


eureka:
  client:
    register-with-eureka: false
    fetch-registry: false
  server:
    enable-self-preservation: false

logging:
  level:
    org:
      springframework:
        security: DEBUG
        cloud:
          netflix: DEBUG

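import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests((authz) -> authz
            // Registry endpoints are open to unauthenticated callers.
            .requestMatchers("/eureka/**").permitAll()
            .requestMatchers("/actuator/health").permitAll()
            .requestMatchers("/actuator/**").hasRole("ADMIN")
            .anyRequest().authenticated()
        )
        .httpBasic(withDefaults())
        // A token repository and request handler are set, then disable() is called.
        .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
            .disable()
        );
    return http.build();
  }

}

Eureka client: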
spring:
  application:
    name: spring-config-demo
  security:
    user:
      name: admin
      password: admin

  profiles:
    default: native
    active: native

  cloud:
    config:
      server:
        native:
          search-locations: classpath:/configDev/

eureka:
  client:
    serviceUrl:
      defaultZone: http://admin:admin@spring-eureka-demo:3000/eureka/

server:
  port: 8104

When the Eureka client sends a request to the Eureka server, it gets a 401 exception in return.
From the Eureka server log:

Securing POST /eureka/apps/SPRING-CONFIG-DEMO
Securing PUT /eureka/apps/SPRING-CONFIG-DEMO/spring-eureka-demo:spring-conf
Invalid CSRF token found for http://spring-eureka-demo:3000/eureka/apps/SPR
Responding with 403 status code
Invalid CSRF token found for http://spring-eureka-demo:3000/eureka/apps/SPR
Responding with 403 status code
Securing POST /error

Hello @weiro-9-w7, thanks for reporting the issue. Please see this branch for a correct CSRF configuration sample: https://github.com/spring-cloud-samples/eureka/blob/Eureka-With-Security-4.x/src/main/java/eurekademo/EurekaApplication.java . Please let us know if applying this configuration solves your issue.
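One way to configure the Eureka server so that client registrations are not rejected for a missing CSRF token, while the registry endpoints still require HTTP Basic credentials. This is an added example, not code from the linked sample or from the reporter. The class and bean names are hypothetical, and it assumes the Spring Security 6.x API that ships with Spring Cloud 2023.0.x.

```java
import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example (hypothetical class and bean names), not the linked sample's code.
@Configuration
@EnableWebSecurity
public class EurekaServerSecurityConfig {

  @Bean
  public SecurityFilterChain eurekaSecurityFilterChain(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests(authz -> authz
            // Actuator rules carried over from the reported configuration.
            .requestMatchers("/actuator/health").permitAll()
            .requestMatchers("/actuator/**").hasRole("ADMIN")
            // No permitAll() for /eureka/**: registry calls fall through to this
            // rule, so clients must send the basic-auth credentials embedded in
            // eureka.client.serviceUrl.defaultZone.
            .anyRequest().authenticated())
        .httpBasic(withDefaults())
        // Eureka clients are not browsers and send no CSRF token. Exempt only
        // the registry REST API; the dashboard and every other path keep
        // CSRF protection enabled.
        .csrf(csrf -> csrf.ignoringRequestMatchers("/eureka/**"));
    return http.build();
  }
}
```

With this chain, an unauthenticated POST to `/eureka/apps/...` is answered with 401, and an authenticated one passes without a CSRF token.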

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.