spring-boot - Spring Lemon：缺少响应标头 Set-Cookie 和 X-XSRF-TOKEN

问题描述

对于我当前的项目，我使用 1.0.0.RC1 版本的 Spring Lemon 库。当我发出 /api/core/context 请求时，我没有得到 Set-Cookie 和 X-XSRF-TOKEN 标头。

对于我早期的项目，我使用了 Spring Lemon 0.9.0，它运行良好，在上下文请求之后，我可以设置这些参数并发出更多请求。现在无法获取它们，如果我提出除 /context 或 /ping 以外的任何请求，我会收到“无效的 CORS 请求”作为响应。

我的代码就像这里的示例项目：https ://github.com/naturalprogrammer/spring-lemon/wiki/Getting-Started-With-Spring-Lemon有两个变化：

我使用 application.properties 而不是 yml。（后来我希望它在包之外并且@PropertySource仅与 .properties 一起使用。）
我使用战争包装而不是罐子。我将它部署到 Apache Tomcat 中。所以，在 application.properties 我lemon.cors.allowed-origins: http://localhost:9000改为lemon.cors.allowed-origins: http://localhost:8080

在上下文请求后记录：

2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 4 of 14 in additional filter chain; firing Filter: 'CorsFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 5 of 14 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:176 - Checking match of request : '/api/core/context'; against '/oauth2/authorization/{registrationId}'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 6 of 14 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AndRequestMatcher:66 - Trying to match using Ant [pattern='/login/oauth2/code/*']
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:176 - Checking match of request : '/api/core/context'; against '/login/oauth2/code/*'
2019-01-06 10:44:41 DEBUG AndRequestMatcher:69 - Did not match
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 7 of 14 in additional filter chain; firing Filter: 'LemonJpaTokenAuthenticationFilter'
2019-01-06 10:44:41 DEBUG LemonCommonsWebTokenAuthenticationFilter:42 - Inside LemonTokenAuthenticationFilter ...
2019-01-06 10:44:41 DEBUG LemonCommonsWebTokenAuthenticationFilter:70 - Token authentication skipped
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 8 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:156 - Request 'GET /api/core/context' doesn't match 'POST /api/core/login'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@8a1370cd: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-01-06 10:44:41 DEBUG RequestMappingHandlerMapping:420 - Mapped to public java.util.Map<java.lang.String, java.lang.Object> com.naturalprogrammer.spring.lemon.LemonController.getContext(java.util.Optional<java.lang.Long>,javax.servlet.http.HttpServletResponse)
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /api/core/context; Attributes: [permitAll]
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@8a1370cd: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-01-06 10:44:41 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@33757a2b, returned: 1
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:243 - Authorization successful
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:256 - RunAsManager did not change Authentication object
2019-01-06 10:44:41 DEBUG FilterChainProxy:313 - /api/core/context reached end of additional filter chain; proceeding with original chain
2019-01-06 10:44:41 DEBUG DispatcherServlet:90 - GET "/CSGOStats/api/core/context", parameters={}
2019-01-06 10:44:41 DEBUG RequestMappingHandlerMapping:420 - Mapped to public java.util.Map<java.lang.String, java.lang.Object> com.naturalprogrammer.spring.lemon.LemonController.getContext(java.util.Optional<java.lang.Long>,javax.servlet.http.HttpServletResponse)
2019-01-06 10:44:41 DEBUG OpenEntityManagerInViewInterceptor:86 - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2019-01-06 10:44:41 DEBUG LemonController:84 - Getting context 
2019-01-06 10:44:41 DEBUG JpaTransactionManager:355 - Found thread-bound EntityManager [SessionImpl(631661686<open>)] for JPA transaction
2019-01-06 10:44:41 DEBUG LemonService:179 - Getting context ...
2019-01-06 10:44:41 DEBUG LemonController:86 - Returning context: {context={reCaptchaSiteKey=6LdwxRcUAAAAABkhOGWQXhl9FsR27D5YUJRuGzx0, shared={foobar=123...}}, user=null}
2019-01-06 10:44:41 DEBUG RequestResponseBodyMethodProcessor:267 - Using 'application/json;q=0.8', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8] and supported [application/json, application/*+json, application/json, application/*+json]
2019-01-06 10:44:41 DEBUG RequestResponseBodyMethodProcessor:90 - Writing [{context={reCaptchaSiteKey=6LdwxRcUAAAAABkhOGWQXhl9FsR27D5YUJRuGzx0, shared={foobar=123...}}, user=null}]
2019-01-06 10:44:41 DEBUG HstsHeaderWriter:129 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@47453fa7
2019-01-06 10:44:41 DEBUG OpenEntityManagerInViewInterceptor:111 - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2019-01-06 10:44:41 DEBUG EntityManagerFactoryUtils:418 - Closing JPA EntityManager
2019-01-06 10:44:41 DEBUG DispatcherServlet:1130 - Completed 200 OK
2019-01-06 10:44:41 DEBUG ExceptionTranslationFilter:121 - Chain processed normally
2019-01-06 10:44:41 DEBUG SecurityContextPersistenceFilter:119 - SecurityContextHolder now cleared, as request processing completed

我错过了什么？提前致谢！

标签： spring-bootcorsrequest-headersspring-lemon

spring-boot - Spring Lemon：缺少响应标头 Set-Cookie 和 X-XSRF-TOKEN

问题描述

解决方案

推荐阅读