Spring 云网关 POST 禁止访问

Spring Cloud Gateway POST Forbidden

我在带有 RelayToken 过滤器的 Cloud Gateway 路由后面有一个资源服务:

      routes:
        - id: apis
          uri: http://rest-app:8080/apis
          predicates:
            - Path=/apis/**
          filters:
            - TokenRelay=

GET 请求工作正常,但在 POSTs 我收到 403 Forbidden 响应正文包含 CSRF Token has been associated to this client 我试图禁用 CSRF 保护添加 Bean

@Bean
fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    return http.csrf().disable().cors().disable().build()
}

但这没有效果,我仍然得到 403。此外,我无法调试到底是哪个过滤器阻止客户端执行 POST 请求,这是我通过

获得的唯一日志记录信息
logging:
  level:
    root: INFO
    org.springframework.web: TRACE
    org.springframework.security: TRACE
    org.springframework.security.oauth2: TRACE
    org.springframework.cloud.gateway: TRACE
    org.springframework.security.jwt: TRACE

只是几行说 POST 被禁止

[2020-04-01 13:21:32,635] TRACE o.s.w.s.a.HttpWebHandlerAdapter  - [58a0e540-10] HTTP POST "/apis/", headers={masked} 
[2020-04-01 13:21:32,640] TRACE o.s.w.s.a.HttpWebHandlerAdapter  - [58a0e540-10] Completed 403 FORBIDDEN, headers={masked} 
[2020-04-01 13:21:32,640] TRACE o.s.h.s.r.ReactorHttpHandlerAdapter  - [58a0e540-10] Handling completed 

如何正确关闭 CSRF?

更正 SecurityWebFilterChain 解决了我的问题:

@Bean
fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    return http
        .authorizeExchange().anyExchange().authenticated()
        .and()
        .oauth2Login()
        .and()
        .csrf().disable()
        .build()
}