这个错误是什么意思:OPTIONS http://localhost:8080/ 403,我该如何解决?


Context

  • Spring Boot
  • ReactJs

问题

我正在尝试向服务器发送 POST 请求,并获取 JSESSIONID 以便发出后续请求。我确实收到了 JSESSIONID,但问题是我总是收到这个错误。其他所有请求都没有 CORS 错误或类似错误。

这是我的Spring Security Configuration的样子:

/**
 * Spring Security and Spring MVC configuration for a form-login back end that is called
 * from a separate front end.
 *
 * <p>It registers a global CORS mapping, a BCrypt-backed {@link DaoAuthenticationProvider},
 * and an {@link HttpSecurity} chain that requires authentication for everything except
 * preflight requests and a few static paths.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {

    /**
     * Registers one CORS mapping that covers every path.
     *
     * <p>NOTE(review): {@code allowedOrigins("*")} together with {@code allowCredentials(true)}
     * is the risky part of this mapping. Spring Framework 5.3+ rejects the combination; older
     * versions answer the wildcard by echoing the caller's Origin, which lets any website send
     * requests that carry the user's session cookie. List the front-end origin(s) explicitly.
     *
     * <p>NOTE(review): the login request shown later on this page sends
     * {@code Access-Control-Allow-Origin} and {@code Access-Control-Allow-Method} as request
     * headers. Neither is in {@code allowedHeaders} here, which is the likely reason the
     * preflight OPTIONS request is answered with 403.
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "POST", "OPTIONS", "PUT")
                .allowedHeaders("Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method",
                        "Access-Control-Request-Headers")
                .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials")
                .allowCredentials(true).maxAge(3600);
    }

    /** Password hashing used when stored credentials are verified: BCrypt. */
    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    // Application-specific user lookup; its implementation is not shown on this page.
    @Autowired
    UserDetailsServiceImpl userDetailsService;

    /** Builds the provider that checks submitted passwords against {@link #userDetailsService}. */
    @Bean
    DaoAuthenticationProvider authenticationProvider(){
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        return daoAuthenticationProvider;
    }

    /**
     * Defines the HTTP security chain: CORS enabled, OPTIONS and a few static paths open,
     * everything else authenticated, form login processed at {@code /perform_login}.
     *
     * <p>NOTE(review): CSRF protection is disabled while authentication relies on a session
     * cookie. Combined with a permissive CORS policy this leaves state-changing endpoints
     * open to cross-site requests; keep CSRF tokens enabled unless another defence is in place.
     *
     * <p>NOTE(review): the pattern {@code "index"} has no leading slash, so it presumably never
     * matches a request path; {@code "/index"} looks like what was intended. Confirm.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                .authorizeRequests()
                // Preflight requests carry no credentials, so they are let through unauthenticated.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/", "index", "/css/*", "/js/*").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().permitAll()
                .loginProcessingUrl("/perform_login").permitAll()
                .usernameParameter("username")
                .passwordParameter("password")
                .and()
                .csrf().disable();
    }

    /** Plugs the DAO provider into the authentication manager. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

}

这就是请求函数的外观:

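/**
 * Submits the login form to the back end's form-login endpoint and records the outcome
 * in component state.
 *
 * The credentials are sent as an application/x-www-form-urlencoded body, matching the
 * "username" and "password" parameter names configured on the server.
 *
 * @param {Event} e - the form submit event; its default navigation is suppressed.
 */
handleSubmit = e => {
    e.preventDefault();
    const { username, password } = this.state;
    // URLSearchParams percent-encodes both values. With plain string concatenation, a
    // password containing "&", "=", "+" or "%" is truncated or adds extra form fields.
    const formBody = new URLSearchParams({ username, password }).toString();
    Axios({
      method: "POST",
      url: "/perform_login",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
        // NOTE(review): the two Access-Control-* entries below are response headers that
        // only the server should set (and the real name is Access-Control-Allow-Methods).
        // Sending them from the client makes the request non-simple, so the browser issues
        // the preflight OPTIONS request this question is about. They are kept here only so
        // that the question still reproduces; the clean fix is to delete them.
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Method": "*"
      },
      data: formBody
    }).then(response => {
      console.log(response);
      console.log(document.cookie);
      // NOTE(review): document.cookie is always a string, so the check below passes for
      // every resolved response and does not prove that the login succeeded. If the
      // session cookie is HttpOnly (presumably the container default; confirm), it never
      // shows up in document.cookie at all.
      const jsessionid = document.cookie;
      if (jsessionid !== null && jsessionid !== undefined) {
        console.log(jsessionid);
        // NOTE(review): copying cookies into sessionStorage makes them readable by any
        // script on the page. The browser already attaches the session cookie by itself,
        // so storing it is unnecessary.
        sessionStorage.setItem("jsessionid", jsessionid);
        this.setState({ isAuthenticated: true });
      }
    });
};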

在 Postman 中,一切正常。

reactjs spring-boot spring-security cors jsessionid
2个回答
当您尝试向与网页实际所在域(JS 运行的地方)不同的域发出 XHR 请求时,浏览器会先发出 OPTIONS 调用(预检请求)。这一机制称为 CORS(跨源资源共享)。

要么确保前端和后端在同一域上运行,要么必须在后端处理 CORS。在 Spring 中,可以这样做:https://www.baeldung.com/spring-security-cors-preflight



所以我终于明白了。这篇文章对我有帮助:Spring Security CORS Issue: "OPTIONS http://localhost:8080/ 403 ()"

我的配置类现在看起来像这样:

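/**
 * Spring Security and Spring MVC configuration for a form-login back end that is called
 * from a separate browser front end.
 *
 * <p>It registers a global CORS mapping restricted to known origins, a BCrypt-backed
 * {@link DaoAuthenticationProvider}, and an {@link HttpSecurity} chain that requires
 * authentication for everything except preflight requests and a few static paths.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {

    /**
     * Origins that may send credentialed cross-origin requests.
     *
     * <p>PLACEHOLDER value, not taken from the original post: replace it with the real
     * front-end origin(s). A wildcard must not be used here, because the mapping also
     * allows credentials.
     */
    private static final String[] ALLOWED_ORIGINS = {"http://localhost:3000"};

    // Application-specific user lookup; its implementation is not shown on this page.
    @Autowired
    UserDetailsServiceImpl userDetailsService;

    /**
     * Registers one CORS mapping that covers every path.
     *
     * <p>The origin list is explicit rather than {@code "*"}: with
     * {@code allowCredentials(true)}, Spring Framework 5.3+ rejects a wildcard origin, and
     * older versions echo the caller's Origin back, which lets any website send requests
     * that carry the user's session cookie.
     *
     * <p>NOTE(review): {@code Access-Control-Allow-Origin} and
     * {@code Access-Control-Allow-Method} are accepted as request headers only because the
     * client in the question sends them. They are response headers; once the client stops
     * sending them, drop both entries from {@code allowedHeaders}.
     *
     * @param registry the MVC CORS registry supplied by Spring
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins(ALLOWED_ORIGINS)
                .allowedMethods("GET", "POST", "OPTIONS", "PUT")
                .allowedHeaders("Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method",
                        "Access-Control-Request-Headers", "Access-Control-Allow-Origin", "Access-Control-Allow-Method")
                .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials")
                .allowCredentials(true)
                .maxAge(3600);
    }

    /** Password hashing used when stored credentials are verified: BCrypt. */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Builds the provider that checks submitted passwords against {@link #userDetailsService}. */
    @Bean
    DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(userDetailsService);
        return provider;
    }

    /**
     * Defines the HTTP security chain: CORS enabled, OPTIONS and a few static paths open,
     * everything else authenticated, form login processed at {@code /perform_login}.
     *
     * <p>NOTE(review): CSRF protection is disabled while authentication relies on a session
     * cookie. That leaves state-changing endpoints open to cross-site requests; prefer
     * keeping CSRF tokens enabled (for example a cookie-based token the front end echoes in
     * a header) unless another defence is in place.
     *
     * <p>NOTE(review): the pattern {@code "index"} has no leading slash, so it presumably never
     * matches a request path; {@code "/index"} looks like what was intended. Confirm.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                .authorizeRequests()
                // Preflight requests carry no credentials, so they are let through unauthenticated.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/", "index", "/css/*", "/js/*").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginProcessingUrl("/perform_login").permitAll()
                .usernameParameter("username")
                .passwordParameter("password")
                .and()
                .csrf().disable();
    }

    /** Plugs the DAO provider into the authentication manager. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

}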