为什么我在 spring 启动时提交对受保护资源的请求时出现 cors 错误?
Why I get cors error when submitting a request to secured resource in spring boot?
我已经使用 jwt 令牌在我的应用程序中实现了 spring 安全性,我在 spring 安全性中有以下配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
prePostEnabled = true)
public class MSSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Autowired
private AuthEntryPointJwt unauthorizedHandler;
@Bean
public AuthTokenFilter authenticationJwtTokenFilter() {
return new AuthTokenFilter();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/companies/UnAuth/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/companies/Auth/**").authenticated()
.antMatchers("/companies/Auth/Update").authenticated()
.antMatchers("/companies/Auth/Delete").authenticated();
http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
}
我在相关控制器上有以下cors注释:
@CrossOrigin(origins = "http://localhost:4200", maxAge = 3600)
@RestController
@RequestMapping("/companies")
@Slf4j
public class CompanyController {
我尝试将以下内容添加到 angular 中的 http 拦截器:
authReq.headers.set("Access-Control-Allow-Origin", "http://localhost:4200");
authReq.headers.set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
当从 Angular 9 应用程序提交请求时,我无法通过安全性并且出现 cors 错误:
`Access to XMLHttpRequest at 'http://localhost:9001/companies/Auth/Update' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resourc`e.
请求不包含 'Access-Control-Allow-Origin' header,您应该在 header 中添加它,它允许远程计算机访问您通过 REST 发送的内容。
如果您想允许所有远程主机访问您的 api 内容,您应该这样添加:
Access-Control-Allow-Origin: *
您也可以指定一个特定的主机:
Access-Control-Allow-Origin: http://example.com
您应该在 pom.xml 文件中修改您的依赖项并允许 CORS headers,除了 Access-Control-Allow-Origin headers 还有一些您将需要添加到请求中,请在此处查找更多信息:
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
我已经使用 jwt 令牌在我的应用程序中实现了 spring 安全性,我在 spring 安全性中有以下配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
prePostEnabled = true)
public class MSSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Autowired
private AuthEntryPointJwt unauthorizedHandler;
@Bean
public AuthTokenFilter authenticationJwtTokenFilter() {
return new AuthTokenFilter();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/companies/UnAuth/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/companies/Auth/**").authenticated()
.antMatchers("/companies/Auth/Update").authenticated()
.antMatchers("/companies/Auth/Delete").authenticated();
http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
}
我在相关控制器上有以下cors注释:
@CrossOrigin(origins = "http://localhost:4200", maxAge = 3600)
@RestController
@RequestMapping("/companies")
@Slf4j
public class CompanyController {
我尝试将以下内容添加到 angular 中的 http 拦截器:
authReq.headers.set("Access-Control-Allow-Origin", "http://localhost:4200");
authReq.headers.set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
当从 Angular 9 应用程序提交请求时,我无法通过安全性并且出现 cors 错误:
`Access to XMLHttpRequest at 'http://localhost:9001/companies/Auth/Update' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resourc`e.
请求不包含 'Access-Control-Allow-Origin' header,您应该在 header 中添加它,它允许远程计算机访问您通过 REST 发送的内容。
如果您想允许所有远程主机访问您的 api 内容,您应该这样添加:
Access-Control-Allow-Origin: *
您也可以指定一个特定的主机:
Access-Control-Allow-Origin: http://example.com
您应该在 pom.xml 文件中修改您的依赖项并允许 CORS headers,除了 Access-Control-Allow-Origin headers 还有一些您将需要添加到请求中,请在此处查找更多信息:
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework