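I am developing an application that uses Spring MVC for the backend and Angular5 for the frontend. I have been stuck on implementing the Auth2 security layer (including Cross-Origin Resource Sharing). My CORS filter implementation looks like this: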
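```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

// Highest precedence: this filter runs before other ordered filters.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
@WebFilter("/*")
public class WebSecurityCorsFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        // CORS response headers are added to every response; any origin is allowed.
        res.setHeader("Access-Control-Allow-Origin", "*");
        res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        res.setHeader("Access-Control-Max-Age", "3600");
        res.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, x-requested-with, Cache-Control");
        if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) request).getMethod())) {
            // Answer the CORS preflight directly; it is not passed down the chain.
            res.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(request, res);
        }
    }

    @Override
    public void destroy() {
    }
}
```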
I almost have it working: I am able to obtain an access_token and use it to get protected data from the ResourcesServer:
{"access_token":"4fcef1f8-4306-4047-9d4d-1c3cf74ecc44","token_type":"bearer","refresh_token":"…