时间戳

首页 > 解决方案 > Spring Boot 中的 CORS

spring - Spring Boot 中的 CORS

问题描述

我正在尝试使用 cors 配置设置我的服务器应用程序。这里是配置,但任何 cors 请求login都会有 403 响应代码:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final JwtAuthenticationEntryPoint unauthorizedHandler;

    @Autowired
    public WebSecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler) {
        this.unauthorizedHandler = unauthorizedHandler;
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Collections.singletonList("*"));
        configuration.setAllowedMethods(Collections.singletonList("*"));
        configuration.setAllowedHeaders(Collections.singletonList("*"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(new JwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class)
            .cors().and()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .csrf().disable()
            .antMatcher("/api/**").authorizeRequests()
            .antMatchers("/login/**").permitAll()
            .anyRequest().authenticated();

}

}

编辑 我已经解决了添加另一个配置类并从 websecurity 中删除 bean 的问题。

只需了解 cors 配置必须在 Spring Boot 而不是 Spring Security 上配置。

我添加的课程是:

@Configuration
public class CorsConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {

         registry.addMapping("/**")
            .allowedOrigins("*")
            .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD")
            .allowedHeaders("*")
            .allowCredentials(true);
    }

}

而 WebSeurityConfig 已经变成:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final JwtAuthenticationEntryPoint unauthorizedHandler;

    @Autowired
    public WebSecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler) {
        this.unauthorizedHandler = unauthorizedHandler;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(new JwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class)
            .cors().and()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .csrf().disable()
            .antMatcher("/api/**").authorizeRequests()
            .antMatchers("/login/**").permitAll()
            .anyRequest().authenticated();

}

}

现在一切都按预期工作,cors 在所有端点上都得到了正确管理

标签: springspring-bootcors

解决方案

试试这个

@Override
public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/**") //or the URLs you would like to add
            .allowedMethods("GET", "POST");
}

推荐阅读