Tag Archives: four hundred and one

Feignexception $unauthorized is reported by introducing security call service

Originally, it was a good idea to study spring cloud. Later, security was introduced for security. Then there were various problems. First, the service could not be registered (solution: after introducing security, the service could not be registered with Eureka), and then the service could not be called,

The error log is as follows:

feign.FeignException$Unauthorized: [401] during [GET] to [ http://eureka-client/client/test ] [ClientService#getClientService()]: [{“timestamp”:”2021-07-08T09:01:18.940+00:00″,”status”:401,”error”:”Unauthorized”,”message”:””,”path”:”/client/test”}]

It’s easy to understand if you read a newspaper error: the call has not been authenticated. This authentication is built-in to security. There are some methods on the Internet, but they are messy and many of them don’t work. Therefore, it’s recommended to turn off the built-in call authentication of security (add logic to the call authentication side to ensure security)

Add a configuration file to the server:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }

}

Due to the version problem, sometimes you need to add additional notes to the startup file

@SpringBootApplication(exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class})

The test is effective