问题描述
我正在使用Spring Boot进行简单的休息服务.为了在Angular 2中使用它,我在oauth/token端点上检索令牌时遇到了CORS问题.
I'm using spring boot to make a simple rest service. To consume it in Angular 2, I've got CORS problem when retrieving token on oauth/token endpoint.
Chrome中的错误消息如下.
The error message in Chrome is below.
zone.js:101 OPTIONS http://192.168.0.9:8080/api/oauth/token
XMLHttpRequest cannot load http://192.168.0.9:8080/api/oauth/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401.
相关文件在下面.
MyConfig.java
MyConfig.java
@Configuration
public class MyConfig {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("**")
.allowedOrigins("*").allowedMethods("POST, GET, HEAD, OPTIONS")
.allowCredentials(true)
.allowedHeaders("Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers")
.exposedHeaders("Access-Control-Allow-Origin,Access-Control-Allow-Credentials")
.maxAge(10);
}
};
}
}
OAuth2ResourceServerConfig.java
OAuth2ResourceServerConfig.java
@Configuration
@EnableResourceServer
class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.anonymous()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS,"**").permitAll()
.antMatchers("/authenticated/**").authenticated()
;
}
}
我是java和spring的新手.我发现了类似的问题,例如 OAuth2-状态401 OPTIONS在检索令牌时请求,但是我真的不知道如何在春季启动时使它工作.
I'm new to java and spring. I found some similar question, such as OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN, but I really don't understand how to make it work in spring boot.
请注意,正常的休息控制器端点工作正常.问题是oauth/token,选项请求返回401状态.
Please note normal rest controller endpoint works fine. The problem is oauth/token, the options request returns 401 status.
请给我看一些Spring Boot的工作代码.谢谢!
Please show me some working code in spring boot. Thanks!
推荐答案
您可以将此CORS过滤器添加到您的项目中
You can add this CORS Filter to your project
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCORSFilter implements Filter {
@Override
public void init(FilterConfig fc) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) resp;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, resp);
}
}
@Override
public void destroy() {
}
}
这篇关于oauth/token上的Spring Boot Rest Service选项401的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!