I am trying to build a complete sample code for Gateway, UI, and Resource. Everything worked perfectly except when I tried to do a POST.

I noticed first that I have double CSRF, one from the gateway and one from the UI. So my decision, which I am not sure is the correct one, was to disable CSRF on the UI and keep it on the gateway (Zuul Proxy), but I was not able to do that.

I could not tell which adapter I should extend: WebSecurityConfigurerAdapter or ResourceServerConfigurerAdapter.

As soon as I declare WebSecurityConfigurerAdapter the whole OAuth2Sso stops working and I get access denied, and ResourceServerConfigurerAdapter does not seem to do anything.

At first I would like to disable CSRF on @EnableZuulProxy and @EnableOAuth2Sso.

Shahbour

1 Answer

Based on this answer I found out that @EnableOAuth2Sso should be on the same WebSecurityConfigurerAdapter if one exists, or we will end up having 2 adapters. Doing so fixed everything.

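import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// @EnableOAuth2Sso sits on the adapter itself so that only one adapter exists.
@Configuration
@EnableOAuth2Sso
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // CSRF protection is switched off for this application.
                .csrf()
                .disable()
                //.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                //.and()
                // Every request must come from an authenticated user.
                .authorizeRequests()
                .anyRequest().authenticated();
    }
}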

On Spring Boot 1.5.8 I also had to set security.oauth2.resource.filter-order=3. See https://github.com/spring-projects/spring-security-oauth/issues/1016

okrunner
Shahbour
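For the gateway side of the setup described in the question (CSRF kept on the Zuul proxy while the UI behind it has it disabled), the following is an added example, not code from the original post. It enables the two calls that are commented out in the answer; the class name `GatewaySecurityConfig` is hypothetical, and Spring Boot 1.5.x with Spring Cloud Netflix Zuul and Spring Security OAuth2 on the classpath is assumed.

```java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Hypothetical class, assumed to live in the gateway application only.
@Configuration
@EnableZuulProxy
@EnableOAuth2Sso // on the adapter itself, so a second adapter is not created
public class GatewaySecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // The token is issued in the XSRF-TOKEN cookie with HttpOnly=false,
                // so the browser client can read it and send it back in the
                // X-XSRF-TOKEN header on state-changing requests (POST, PUT, DELETE).
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .and()
            // Every request through the gateway requires an authenticated user.
            .authorizeRequests()
                .anyRequest().authenticated();
    }
}
```

With this in place a POST that lacks a matching X-XSRF-TOKEN header is rejected at the gateway with 403, so the check runs once, at the edge, instead of in both applications.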