为 CORS 配置 Spring
我正在尝试为 CORS 配置 Spring 以使用 Angular Web UI:
我试过这个:
@Configuration
@ComponentScan("org.datalis.admin.config")
public class AppConfig {
@Bean
public static PropertySourcesPlaceholderConfigurer propertyConfigurer() {
PropertySourcesPlaceholderConfigurer conf = new PropertySourcesPlaceholderConfigurer();
conf.setLocation(new ClassPathResource("application.properties"));
return conf;
}
@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("127.0.0.1");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<CorsFilter>(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
带有 Angular FE 的 Apache 服务器与 Wildly 服务器在同一台服务器上运行,因此我为源配置了 127.0.0.1。
但我仍然得到:
Access to XMLHttpRequest at 'http://123.123.123.123:8080/api/oauth/token' from origin 'http://123.123.123.123' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
auth:1 Failed to load resource: the server responded with a status of 404 (Not Found)
你知道我该如何解决这个问题吗?
芜湖不芜3回答
-
森林海
您允许的来源是 127.0.0.1,但您的客户端具有 ip 123.123.123.123。尝试改变这一点:config.addAllowedOrigin("127.0.0.1");对此:config.addAllowedOrigin("123.123.123.123"); -
呼啦一阵风
您需要告诉Spring Security使用您创建的 CORS 配置。在我的项目中,我Spring Security以这种方式配置:@Overrideprotected void configure(HttpSecurity http) throws Exception{ http .authorizeRequests() .antMatchers("/rest/protected/**") .authenticated() //Other spring sec configruation and then: .and() .cors() .configurationSource(corsConfigurationSource())}在哪里corsConfigurationSource():@Bean CorsConfigurationSource corsConfigurationSource() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); boolean abilitaCors = new Boolean(env.getProperty("templating.oauth.enable.cors")); if( abilitaCors ) { if( logger.isWarnEnabled() ) { logger.warn("CORS ABILITATI! Si assume ambiente di sviluppo"); } CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200","http://localhost:8080", "http://localhost:8180")); configuration.setAllowedMethods(Arrays.asList( RequestMethod.GET.name(), RequestMethod.POST.name(), RequestMethod.OPTIONS.name(), RequestMethod.DELETE.name(), RequestMethod.PUT.name())); configuration.setExposedHeaders(Arrays.asList("x-auth-token", "x-requested-with", "x-xsrf-token")); configuration.setAllowedHeaders(Arrays.asList("X-Auth-Token","x-auth-token", "x-requested-with", "x-xsrf-token")); source.registerCorsConfiguration("/**", configuration); } return source; } -
MM们
这是我@Configuration处理仅在开发环境中使用的 CORS 请求的工作班。@Configuration//@Profile(PROFILE_DEV) public class CorsConfiguration { @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurer() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") .allowedHeaders("*") .allowedMethods("*"); } }; }}您还必须配置 Spring Security 以忽略HttpMethod.OPTIONS预检请求使用的(作为您提到的例外)@Configuration@EnableWebSecurity@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)public class SecurityConfiguration extends WebSecurityConfigurerAdapter { //... @Override public void configure(WebSecurity web) throws Exception { web.ignoring() //others if you need .antMatchers(HttpMethod.OPTIONS, "/**"); } @Override public void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .exceptionHandling() .and() .headers() .frameOptions() .disable() .and() .authorizeRequests() .antMatchers("/api/register").permitAll() .antMatchers("/api/activate").permitAll() .antMatchers("/api/authenticate").permitAll() .antMatchers("/api/**").authenticated(); }}因为当您使用 cors 时,您有触发一个简单请求和预检请求HttpMethod.OPTIONS
随时随地看视频慕课网APP
相关分类
Java