那些遇到过的问题

相关疑难解决方法(0)

Spring安全CORS过滤器

我们添加Spring Security到现有项目中.

从这一刻起,我们No 'Access-Control-Allow-Origin' header is present on the requested resource从服务器收到401 错误.

那是因为没有Access-Control-Allow-Origin标题附加到响应.为了解决这个问题,我们Filter在注销过滤器之前添加了我们自己的过滤器,但过滤器不适用于我们的请求.

我们的错误:

XMLHttpRequest无法加载http://localhost:8080/getKunden.请求的资源上不存在"Access-Control-Allow-Origin"标头.http://localhost:3000因此不允许原点访问.响应具有HTTP状态代码401.

我们的安全配置:

@EnableWebSecurity
@Configuration
@ComponentScan("com.company.praktikant")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
private MyFilter filter;

@Override
public void configure(HttpSecurity http) throws Exception {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();

    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("PUT");
    config.addAllowedMethod("POST");
    source.registerCorsConfiguration("/**", config);
    http.addFilterBefore(new MyFilter(), LogoutFilter.class).authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/*").permitAll();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws …
Run Code Online (Sandbox Code Playgroud)

java spring spring-security cors spring-boot

M. *_*ele
2016 11-04
22
推荐指数
10
解决办法
8万
查看次数

标签 统计

cors ×1

java ×1

spring ×1

spring-boot ×1

spring-security ×1