Spring 安全:我试着测试http://localhost:8080/login post方法,我重定向到同一路径再次登录

wfveoks0  于 2021-07-13  发布在  Java
关注(0)|答案(1)|浏览(582)

我用springsecurity创建了一个帐户,用postman测试了它的功能,我的前端工作得很好,然后我尝试登录,每次我重定向到登录,这就像一个授权问题
从前端我得到这个错误:
'访问xmlhttprequest'http://192.168.43.216:8080/从原点登录http://localhost:3000“已被cors策略阻止:对飞行前请求的响应未通过访问控制检查:请求的资源上不存在“访问控制允许来源”标头。
这是my websecurityconfig.java

package com.pi.MinuteBrico.security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.pi.MinuteBrico.services.AppUserService;

@Configuration
//@AllArgsConstructor
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final AppUserService appUserService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    public WebSecurityConfig(AppUserService appUserService,
            BCryptPasswordEncoder bCryptPasswordEncoder) {
        super();
        this.appUserService = appUserService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http

                .cors().and()
                .csrf().disable()
                .authorizeRequests()
                    .antMatchers("/registration/**"/*,SecurityConstraint.ROLE_ALL_AUTHENTICATED_USE*/)
                    .permitAll()
                .anyRequest()
                .authenticated().and()
                .formLogin();                 

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider =
                new DaoAuthenticationProvider();
        provider.setPasswordEncoder(bCryptPasswordEncoder);
        provider.setUserDetailsService(appUserService);
        return provider;
    }
}

当我尝试测试登录的post方法时会发生这种情况http://localhost:8080/ Postman 登录

[![enter image description here][1]][1]

gpnt7bae

gpnt7bae1#

这个 cors (跨源资源共享)过滤器在添加时添加到spring安全配置中 http.cors() . 这意味着只有来自同一来源的请求才会被服务。要添加要服务的跨源请求,您需要为此添加配置。将下面的bean添加到您的安全配置中。更多细节请查看链接

@Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("https://localhost:300")); //URLs you want to allow
        configuration.setAllowedMethods(Arrays.asList("GET","POST")); //methods you want to allow
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

相关问题