我正在尝试使用Spring Security 3.2设置我的Spring服务器,以便能够执行ajax登录请求.
我关注了Spring Security 3.2视频和几个帖子,但问题是我得到了
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:9000' is therefore not allowed access.
对于登录请求(见下文).
我创建了一个CORSFilter设置,我可以访问系统中未受保护的资源,并在响应中添加相应的标头.
我的猜测是我没有添加CORSFilter到安全过滤器链,或者它可能在链中太晚了.任何想法将不胜感激.
WebAppInitializer
public class WebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext) {
WebApplicationContext rootContext = createRootContext(servletContext);
configureSpringMvc(servletContext, rootContext);
FilterRegistration.Dynamic corsFilter = servletContext.addFilter("corsFilter", CORSFilter.class);
corsFilter.addMappingForUrlPatterns(null, false, "/*");
}
private WebApplicationContext createRootContext(ServletContext servletContext) {
AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
rootContext.register(SecurityConfig.class, PersistenceConfig.class, CoreConfig.class);
servletContext.addListener(new ContextLoaderListener(rootContext));
servletContext.setInitParameter("defaultHtmlEscape", "true");
return rootContext;
}
private void configureSpringMvc(ServletContext …spring spring-mvc spring-security http-headers servlet-filters