cors使用spring boot rest api的问题

eit6fx6z  于 2021-07-06  发布在  Java
关注(0)|答案(1)|浏览(446)

下午好
我有一个应用程序。此应用程序使用带有spring boot和spring security的rest服务。
这是我的安全配置:
`@Configuration
@EnableWebSecurity
public class ServiceSecurity extends WebSecurityConfigurerAdapter{

@Override
protected void configure(HttpSecurity http)
{
    try 
    {
        http
        .csrf()
        .disable()
        .authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()
        .httpBasic();
        http.cors();            

    }         
    catch (Exception ex) 
    {
        Logger.getLogger(ServiceSecurity.class.getName()).log(Level.SEVERE, null, ex);
    }
}

@Bean
CorsConfigurationSource corsConfigurationSource() 
{
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("http://192.168.194.129:8080","http://192.168.193.8:8080","http://192.168.193.8:3000","http://192.168.193.6:3000"));
    configuration.setAllowedMethods(Arrays.asList("GET","POST"));
    configuration.setAllowCredentials(true);
    configuration.setAllowedHeaders(Arrays.asList("cache-control","Content-Type","Access-Control-Allow-Origin","Access-Control-Allow-Headers","Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Authorization","X-Requested-With","X-Frame-Options"));
    configuration.setExposedHeaders(Arrays.asList("Content-Type","Access-Control-Allow-Origin","Access-Control-Allow-Headers","Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Authorization","X-Requested-With","X-Frame-Options"));

    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration.applyPermitDefaultValues());        
    return source;
}

}如果我启用chrome扩展“allow cors”,那么只有在我从一个有效的url(在spring安全配置setallowedorigins中)实现请求时,我才能获得所有数据。如果我试图从另一个url获取数据,chrome控制台会显示403错误。 因此,我知道我的rest服务配置正在工作。 但是,如果关闭“allow cors”chrome extension,我会得到以下错误:Access to fetch at 'http://192.168.193.8/WebService/obtenerFertilizantes' from origin 'http://192.168.193.8:3000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://192.168.193.8:3000, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.chrome网络日志say:(failed)net::err\u获取失败 api在javascript中与fetch一起使用:config = {
method: 'GET',
crossDomain:true,
async: true,
headers: {
'Authorization': 'Basic ' + btoa(username + ":" + password),
'Content-Type': 'application/json',
'Accept': 'application/json',
"Access-Control-Allow-Methods": "POST, GET",
"Access-Control-Allow-Headers": "Content-Type, Access-Control-Allow-Origin, Authorization",
"Access-Control-Allow-Credentials":true,
"cache-control": "no-cache"
}
};

    fetch("http://localhost/service/obtenerFertlizantes",config)
      .then(response => response.json())
      .then(responseJson => {
        setDatos(responseJson);
      });` 我将感谢你的帮助。
7xllpg7q

7xllpg7q1#

最后,我可以解决这个问题。
api rest服务在payara服务器上。该服务器在default-web.xml配置文件中配置了一个额外的cors。
我删除了关于cors配置的行,工作正常!
我只使用spring安全配置cors。
谢谢!

相关问题