spring - Spring Boot 中的 CORS
问题描述
我正在尝试使用 cors 配置设置我的服务器应用程序。这里是配置,但任何 cors 请求login
都会有 403 响应代码:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final JwtAuthenticationEntryPoint unauthorizedHandler;
@Autowired
public WebSecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler) {
this.unauthorizedHandler = unauthorizedHandler;
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("*"));
configuration.setAllowedMethods(Collections.singletonList("*"));
configuration.setAllowedHeaders(Collections.singletonList("*"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(new JwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class)
.cors().and()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.csrf().disable()
.antMatcher("/api/**").authorizeRequests()
.antMatchers("/login/**").permitAll()
.anyRequest().authenticated();
}
}
编辑 我已经解决了添加另一个配置类并从 websecurity 中删除 bean 的问题。
只需了解 cors 配置必须在 Spring Boot 而不是 Spring Security 上配置。
我添加的课程是:
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD")
.allowedHeaders("*")
.allowCredentials(true);
}
}
而 WebSeurityConfig 已经变成:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final JwtAuthenticationEntryPoint unauthorizedHandler;
@Autowired
public WebSecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler) {
this.unauthorizedHandler = unauthorizedHandler;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(new JwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class)
.cors().and()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.csrf().disable()
.antMatcher("/api/**").authorizeRequests()
.antMatchers("/login/**").permitAll()
.anyRequest().authenticated();
}
}
现在一切都按预期工作,cors 在所有端点上都得到了正确管理
解决方案
试试这个
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**") //or the URLs you would like to add
.allowedMethods("GET", "POST");
}
推荐阅读
- css - Firefox 中的 CSS 翻译错误
- python - 使用 Peewee 库进行批量更新
- reportportal - ReportPortal“通知”发件人字段显示为灰色
- javascript - 使用 Ant Media Server 的 Rest Api 时,如何解决“Access-Control-Allow-Origin”问题?
- shell - 将批量 Msol 用户添加到 Msol 组
- python-3.x - 使用 Python 3 错误创建 virtualenv
- html - Reactjs - onClick 在单击视频时有效,但在单击视频控制器时无效?
- java - 使用 dropwizard 轮询 SQS
- hibernate - 休眠manyToOne FK不保存
- angular - 如何在从for循环中获取值时将值从html传递到打字稿