我正在尝试为CORS配置Spring以使用Angular Web UI:
我尝试了这个:
@Configuration @ComponentScan("org.datalis.admin.config") public class AppConfig { @Bean public static PropertySourcesPlaceholderConfigurer propertyConfigurer() { PropertySourcesPlaceholderConfigurer conf = new PropertySourcesPlaceholderConfigurer(); conf.setLocation(new ClassPathResource("application.properties")); return conf; } @Bean public FilterRegistrationBean<CorsFilter> corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.addAllowedOrigin("127.0.0.1"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); source.registerCorsConfiguration("/**", config); FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<CorsFilter>(new CorsFilter(source)); bean.setOrder(0); return bean; } }
带有Angular FE的Apache服务器与同一服务器上的Wildly服务器一起运行,因此我为源配置了127.0.0.1。
但是我仍然得到:
Access to XMLHttpRequest at 'http://123.123.123.123:8080/api/oauth/token' from origin 'http://123.123.123.123' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status. auth:1 Failed to load resource: the server responded with a status of 404 (Not Found)
您知道如何解决此问题吗?
我尝试的第二种方式:
@Configuration @EnableResourceServer public class ResourceSecurityConfig extends ResourceServerConfigurerAdapter { @Override public void configure(ResourceServerSecurityConfigurer resources) { resources.resourceId("resource_id").stateless(true); } @Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/users/**").permitAll() .anyRequest().authenticated() .and() .cors().disable() .authorizeRequests() .antMatchers(HttpMethod.OPTIONS, "/**").permitAll() .anyRequest() .fullyAuthenticated() .and() .httpBasic() .and() .csrf().disable(); } @Bean public CorsConfigurationSource corsConfigurationSources() { CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("*")); configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")); configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token")); configuration.setExposedHeaders(Arrays.asList("x-auth-token")); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; } }
使用第二种配置,我得到 has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status. auth:1 Failed to load resource: the server responded with a status of 404 (Not Found)
has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status. auth:1 Failed to load resource: the server responded with a status of 404 (Not Found)
实现此结果的最佳方法是什么?
您需要告诉Spring Security您使用创建的CORS配置。
Spring Security
在我的项目中,我Spring Security以这种方式配置:
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/rest/protected/**") .authenticated() //Other spring sec configruation and then: .and() .cors() .configurationSource(corsConfigurationSource()) }
在哪里corsConfigurationSource():
corsConfigurationSource()
@Bean CorsConfigurationSource corsConfigurationSource() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); boolean abilitaCors = new Boolean(env.getProperty("templating.oauth.enable.cors")); if( abilitaCors ) { if( logger.isWarnEnabled() ) { logger.warn("CORS ABILITATI! Si assume ambiente di sviluppo"); } CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200","http://localhost:8080", "http://localhost:8180")); configuration.setAllowedMethods(Arrays.asList( RequestMethod.GET.name(), RequestMethod.POST.name(), RequestMethod.OPTIONS.name(), RequestMethod.DELETE.name(), RequestMethod.PUT.name())); configuration.setExposedHeaders(Arrays.asList("x-auth-token", "x-requested-with", "x-xsrf-token")); configuration.setAllowedHeaders(Arrays.asList("X-Auth-Token","x-auth-token", "x-requested-with", "x-xsrf-token")); source.registerCorsConfiguration("/**", configuration); } return source; }
我希望它有用
安杰洛
