包com.example.demo;
import java.util.Arrays;
import java.util.Collections;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
public SecurityConfiguration(OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService) {
System.out.println("loading user:" + oidcUserService);
this.oidcUserService = oidcUserService;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and().authorizeRequests()
.anyRequest()
.authenticated()
.and()
.oauth2Login()
.userInfoEndpoint().oidcUserService(oidcUserService);
}
@Bean
CorsConfigurationSource corsConfigurationSource()
{
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
API:
package com.example.demo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class AccountResource {
@Autowired
AdUserInfo adUserInfo;
@CrossOrigin(origins = "http://localhost:4200")
@GetMapping("/account")
public AdInfo getAccount() {
adUserInfo.setEmail("[email protected]");
return new AdInfo();
}
}
角度代码:
import { Injectable } from '@angular/core';
import { HttpClient } from '@angular/common/http';
import { Observable, Subject } from 'rxjs';
import { AdInfo } from './ad-info';
@Injectable({
providedIn: 'root'
})
export class LoginService {
private loginUrl: string;
constructor(private http: HttpClient) {
this.loginUrl = 'http://localhost:8080/account';
}
public login(): Observable<AdInfo> {
return this.http.get<AdInfo>(this.loginUrl);
}
}
角度类:
export class AdInfo {
id: string;
name: string;
email: string;
}
从 http://localhost:8080 调用工作正常。 它转到 azure 并登录。 按照•https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory。
现在我想从 Angular UI 调用它。所以本地主机:4200。做了一个登录页面。单击登录按钮。它正在调用 localhost:8080。但显示重定向到天蓝色广告登录时出错。
错误: 访问 XMLHttpRequest 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=******&scope=openid%20https://graph.microsoft.com/user.read&state=a04QyhpKFkvGUvjUCRwZ834QhTgzTFYIu74M0768Co0来自源“http://localhost:4200”的%3D&redirect_uri=http://localhost:8080/login/oauth2/code/azure'(从“http://localhost:8080/account”重定向)已被 CORS 阻止策略:请求的资源上不存在“Access-Control-Allow-Origin”标头
访问 XMLHttpRequest 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=******&scope=openid%20https://graph.microsoft.com/user.read&state=来自原点“http://localhost:4200”的 Du8JvHSEGdD3xcBft6B683mDrW8Zedppel1Xz6lBZwY%3D&redirect_uri=http://localhost:4200/login/oauth2/code/azure'(从“http://localhost:4200/account”重定向)已被阻止CORS 策略:对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。
您可能面临的问题是 Spring Security 不允许通过飞行前检查请求并使它们失败。
添加
configuration.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept","Authorization"));
configuration.setAllowedMethods(Arrays.asList("GET","POST"));
并且在 Angular 中尝试添加 代理到后端服务器
你找到解决办法了吗?