Spring Security cross-origin (CORS) problem
Source: 7-4 Controlling permissions with a database-backed RBAC data model

TinyLeon
2018-06-26
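Hello teacher jojo:
Following your course, I have now developed the user-related code.
During integration testing we need to solve the cross-origin problem.
This is how I solved it: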
    @SpringBootApplication
    public class VBCDApplication extends WebMvcConfigurerAdapter {

        public static void main(final String[] args) {
            SpringApplication.run(VBCDApplication.class, args);
        }

        @Override
        public void addCorsMappings(final CorsRegistry registry) {
            registry.addMapping("/**").allowedHeaders(
                    MediaType.APPLICATION_JSON_UTF8_VALUE);
        }
    }
and:
    @Configuration
    public class CorsConfig extends WebMvcConfigurerAdapter {

        @Override
        public void addCorsMappings(final CorsRegistry registry) {
            registry.addMapping("/**").allowedOrigins("*").allowCredentials(true)
                    .allowedMethods("GET", "POST", "DELETE", "PUT").maxAge(3600);
        }

        @Bean
        public MultipartConfigElement multipartConfigElement() {
            final MultipartConfigFactory factory = new MultipartConfigFactory();
            factory.setMaxFileSize(100L * 1024L * 1024L);
            return factory.createMultipartConfig();
        }
    }
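As a result, the front end no longer gets cross-origin errors when integrating with the other endpoints. But when integrating with the login endpoint, it still doesn't work.
As shown in the screenshot above, testing the login endpoint with Postman works fine.
This screenshot was sent to me by the front-end team, who develop with vue.js. They say that the 500 error on the OPTIONS request is the cross-origin problem.
They think I missed the cross-origin configuration for the login endpoint.
But I clearly configured CORS globally. Please advise.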
4 answers
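There are many similar questions online, and most of the solutions don't work. The approach below will solve your problem (I'm using OAuth; I haven't tested it in a web environment):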
Step 1: add cors in AppResourceServerConfig

    @Override
    public void configure(HttpSecurity http) throws Exception {
        appFormAuthenticationConfig.configure(http);
        formAuthenticationConfig.configure(http);
        http.apply(validateCodeSecurityConfig)
                .and()
            .apply(smsCodeAuthenticationSecurityConfig)
                .and()
            .apply(shuyangSocialSecurityConfig)
                .and()
            .apply(openIdAuthenticationSecurityConfig)
                .and()
            .cors()
                .and()
            .csrf().disable();
        authorizeConfigManager.config(http.authorizeRequests());
    }
Step 2: configure the following beans in AppResourceServerConfig
    @Bean
    public OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler(ApplicationContext applicationContext) {
        OAuth2WebSecurityExpressionHandler expressionHandler = new OAuth2WebSecurityExpressionHandler();
        expressionHandler.setApplicationContext(applicationContext);
        return expressionHandler;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.expressionHandler(expressionHandler);
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOrigin("*");
        configuration.setAllowCredentials(true);
        configuration.addAllowedHeader("*");
        configuration.addAllowedMethod("*");
        configuration.addAllowedMethod("POST");
        configuration.addAllowedMethod("GET");
        configuration.addAllowedMethod("DELETE");
        configuration.addAllowedMethod("PUT");
        configuration.addAllowedMethod("OPTIONS");
        configuration.addAllowedMethod("PATCH");
        configuration.addAllowedHeader("Authorization");
        configuration.addAllowedHeader("loginType");
        configuration.addExposedHeader("x-auth-token");
        configuration.addExposedHeader("x-total-count");
        configuration.setMaxAge(3600L);
        configuration.setExposedHeaders(Arrays.asList("Access-Control-Allow-Headers",
                "Origin, No-Cache", "X-Requested-With", "If-Modified-Since", "Pragma",
                "Last-Modified", "Cache-Control", "Expires", "Content-Type", "X-E4M-With",
                "x-content-type-options", "x-frame-options", "Authorization", "loginType"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/oauth/token", configuration);
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
2018-07-08
小哥哥不开心了
2019-05-13
    @Component
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public class AjaxCorsFilter extends CorsFilter {

        public AjaxCorsFilter() {
            super(configurationSource());
        }

        private static UrlBasedCorsConfigurationSource configurationSource() {
            CorsConfiguration corsConfig = new CorsConfiguration();
            List<String> allowedHeaders = Arrays.asList("x-auth-token", "content-type", "X-Requested-With", "XMLHttpRequest");
            List<String> exposedHeaders = Arrays.asList("x-auth-token", "content-type", "X-Requested-With", "XMLHttpRequest");
            List<String> allowedMethods = Arrays.asList("POST", "GET", "DELETE", "PUT", "OPTIONS");
            List<String> allowedOrigins = Arrays.asList("*");
            corsConfig.setAllowedHeaders(allowedHeaders);
            corsConfig.setAllowedMethods(allowedMethods);
            corsConfig.setAllowedOrigins(allowedOrigins);
            corsConfig.setExposedHeaders(exposedHeaders);
            corsConfig.setMaxAge(36000L);
            corsConfig.setAllowCredentials(true);
            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/**", corsConfig);
            return source;
        }
    }
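It's been a long time, so you've probably solved it already. This method should solve the cross-origin problem; anyone who runs into it later can give it a try.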
无痕00
2018-11-03
Handle it on the front end, and for production configure it in nginx; that's all it takes.
Bodekjan
2018-06-29
Try adding Order to your CorsConfig class:
@Configuration
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsConfig extends WebMvcConfigurerAdapter {
2018-07-02
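
Added example, not part of any post in this thread: requests to the login URL are handled in the Spring Security filter chain before Spring MVC's addCorsMappings is consulted, so this sketch enables CORS in Spring Security itself via http.cors() and replaces the "*" origin plus credentials combination with an explicit origin allowlist. The class name, the two origins and the header list are assumptions; the API is the WebSecurityConfigurerAdapter-era one used in the thread.

```java
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Hypothetical class name; merge into the project's own security configuration.
@Configuration
public class CorsSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Adds Spring Security's CorsFilter ahead of the authentication
            // filters, so a preflight OPTIONS request is answered there and
            // is not treated as an unauthenticated call.
            .cors()
                .and()
            .authorizeRequests().anyRequest().authenticated();
    }

    // http.cors() uses the bean named "corsConfigurationSource".
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Constructed sample origins: list the real front-end origins here.
        // With allowCredentials(true), older Spring versions echo back any
        // request origin when "*" is allowed, and Spring Framework 5.3+
        // rejects that combination with an IllegalArgumentException.
        config.setAllowedOrigins(Arrays.asList(
                "https://app.example.com", "http://localhost:8080"));
        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
        // Assumed request headers; "x-auth-token" is taken from the answers above.
        config.setAllowedHeaders(Arrays.asList(
                "Authorization", "Content-Type", "X-Requested-With"));
        config.setExposedHeaders(Arrays.asList("x-auth-token"));
        config.setAllowCredentials(true);
        config.setMaxAge(3600L);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}
```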