Spring Cloud Gateway POST禁用

Question

我有一个带RelayToken过滤器的云网关路由后面的资源服务：

      routes:
        - id: apis
          uri: http://rest-app:8080/apis
          predicates:
            - Path=/apis/**
          filters:
            - TokenRelay=

GET请求可以很好地工作，但在帖子中，我得到了包含CSRF Token has been associated to this client的响应主体，我尝试禁用CSRF保护，添加了Bean

@Bean
fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    return http.csrf().disable().cors().disable().build()
}

但这没有效果，我仍然得到403。此外，我不能调试确切的过滤器阻止客户端执行POST请求，这是我获得的唯一日志记录信息

logging:
  level:
    root: INFO
    org.springframework.web: TRACE
    org.springframework.security: TRACE
    org.springframework.security.oauth2: TRACE
    org.springframework.cloud.gateway: TRACE
    org.springframework.security.jwt: TRACE

只有几行话说POST是禁止的

[2020-04-01 13:21:32,635] TRACE o.s.w.s.a.HttpWebHandlerAdapter  - [58a0e540-10] HTTP POST "/apis/", headers={masked} 
[2020-04-01 13:21:32,640] TRACE o.s.w.s.a.HttpWebHandlerAdapter  - [58a0e540-10] Completed 403 FORBIDDEN, headers={masked} 
[2020-04-01 13:21:32,640] TRACE o.s.h.s.r.ReactorHttpHandlerAdapter  - [58a0e540-10] Handling completed 

如何正确关闭CSRF？

Answer 1

正确的SecurityWebFilterChain解决了我的问题：

@Bean
fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    return http
        .authorizeExchange().anyExchange().authenticated()
        .and()
        .oauth2Login()
        .and()
        .csrf().disable()
        .build()
}