时间戳

首页 > 解决方案 > Spring Boot JWT Cors 不适用于 Angular 8

angular - Spring Boot JWT Cors 不适用于 Angular 8

问题描述

我在 Spring Boot 中有后端服务,在 Angular 8 中有 UI。我启用了 JWT,因此所有 api 调用都需要通过将JWT 令牌作为值传递Authorizarion Header来完成

我像下面这样设置CORS:

@SpringBootApplication
public class MyServicesApplication {

    public static void main(String[] args) {
        SpringApplication.run(MyServicesApplication.class, args);
    }
    
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowedOrigins("http://localhost:4200");
            }
        };
        
    }
}

在此之后,我可以访问登录 API,即

http://localhost:8080/login

但我无法访问任何受保护的路线。调用后端 API 服务时出现以下错误。

Access to XMLHttpRequest at 'http://localhost:8080/api/v1/data' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

我已经为我的 JWT 设置了这样的 WebSecurity。这是否会以某种方式影响案件?

@EnableWebSecurity
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService myUserDetailsService;
    @Autowired
    private JwtRequestFilter jwtRequestFilter;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable().authorizeRequests().antMatchers("/login").permitAll().anyRequest()
                .authenticated().and().exceptionHandling().and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }
}

标签: angularspringspring-bootcors

解决方案

在你的,WebSecurityConfig#configure(HttpSecurity httpSecurity)

更新如下

httpSecurity
    .cors()
    ...

推荐阅读