angular - 出现错误- GET http://localhost:8080/hello/variable/user net::ERR_FAILED 运行 Angular+Spring Boot 应用程序

问题描述

通过禁用 csrf() 并启用 OPTION 请求在 localhost 中运行 Angular+Spring 启动应用程序时出现以下错误

错误 - 从源“http://localhost:4200”访问“http://localhost:8080/hello/variable/paraan”处的 XMLHttpRequest 已被 CORS 策略阻止：没有“Access-Control-Allow-Origin”标头存在于请求的资源上。

GET http://localhost:8080/hello/variable/user net::ERR_FAILED zone-evergreen.js:2845

角欢迎数据.service.ts

executeHelloWorldBeanServicePathVarible(name)
  {
    let basicAuthHeaderString=this.createBasicAuthenticationHttpHeader();
    let headers=new HttpHeaders({
      Authorization:basicAuthHeaderString
    })
   
    return this.http.get<helloWorldBean>
    (`http://localhost:8080/hello/variable/${name}`,
    {headers});
  }

  createBasicAuthenticationHttpHeader(){
    let username='user'
    let password='dummy'
    
    let basicAuthHeaderString='Basic' + window.btoa(username + ':' + password);
    
    return basicAuthHeaderString;
    
      } 

SpringSecurityConfigurationBasicAuth.java

package com.practice.rest.webservices.restfulwebservices.basic.auth;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.CrossOrigin;

@Configuration
@EnableWebSecurity 
  public class SpringSecurityConfigurationBasicAuth extends WebSecurityConfigurerAdapter{
  
  @Override
  protected void configure(HttpSecurity http) throws Exception {
  
  http
  .csrf().disable()
  .authorizeRequests()
  .antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
  .anyRequest().authenticated() 
  .and() 
  //.formLogin().and() 
  .httpBasic(); 
  }
  
  }
 

编辑了 SpringSecurityConfigurationBasicAuth.java

package com.practice.rest.webservices.restfulwebservices.basic.auth;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
@EnableWebSecurity
public class SpringSecurityConfigurationBasicAuth extends WebSecurityConfigurerAdapter{
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .csrf().disable()   
        .authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
                .anyRequest().authenticated()
                .and()
            //.formLogin().and()
            .httpBasic();
    }
    @Bean
    public CorsFilter corsFilter() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin(CorsConfiguration.ALL);
        config.addAllowedHeader("*");
        config.addExposedHeader("Authorization");
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("HEAD");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");
        config.addAllowedMethod("PATCH");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}

标签： angularspring-bootspring-security