我试图在 Angular 和 Spring Boot 之间发送请求,我编写了 cors 配置 bean 以允许来自端口 4200 的请求,但配置似乎没有执行任何操作:
@Bean
public CorsFilter corsFilter() {
final org.springframework.web.cors.UrlBasedCorsConfigurationSource source = new org.springframework.web.cors.UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
// Set the exact origin without the wildcard
config.setAllowedOrigins(Collections.singletonList("http://localhost:4200"));
config.setAllowedHeaders(Arrays.asList(
HttpHeaders.ORIGIN,
HttpHeaders.CONTENT_TYPE,
HttpHeaders.ACCEPT,
HttpHeaders.AUTHORIZATION
));
config.setAllowedMethods(Arrays.asList(
"GET",
"POST",
"DELETE",
"PUT",
"PATCH"
));
source.registerCorsConfiguration("/**", config);
return new CorsFilter((CorsConfigurationSource) source);
}
这是我的安全链:
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.cors(withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(req ->
req.requestMatchers(
"/auth/**",
"/v2/api-docs",
"/v3/api-docs",
"/v3/api-docs/**",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui/**",
"/webjars/**",
"/swagger-ui.html"
)
.permitAll()
.anyRequest()
.authenticated()
)
.sessionManagement(session -> session.sessionCreationPolicy(STATELESS))
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
我知道我可以使用注释来允许控制器级别的请求,但是到底是什么阻止了这个工作?
我认为你没有在安全链中正确配置你的cors。
尝试像这样配置它并检查它是否工作。
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.cors(cors -> cors.configurationSource(corsFilter())) //configure your cors here
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(req ->
req.requestMatchers(
"/auth/**",
"/v2/api-docs",
"/v3/api-docs",
"/v3/api-docs/**",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui/**",
"/webjars/**",
"/swagger-ui.html"
)
.permitAll()
.anyRequest()
.authenticated()
)
.sessionManagement(session -> session.sessionCreationPolicy(STATELESS))
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
在评论中传达结果。