Spring Security: when I test the POST method on http://localhost:8080/login, I am redirected to the same login path again

wfveoks0 posted on 2021-07-13 in Java

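I created an account with Spring Security and tested its functionality with Postman; my front end works fine. Then I tried to log in, and every time I am redirected to login, which looks like an authorization problem.
From the front end I get this error:
Access to XMLHttpRequest at 'http://192.168.43.216:8080/login' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
This is my WebSecurityConfig.java: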

package com.pi.MinuteBrico.security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.pi.MinuteBrico.services.AppUserService;

@Configuration
//@AllArgsConstructor
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final AppUserService appUserService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    public WebSecurityConfig(AppUserService appUserService,
            BCryptPasswordEncoder bCryptPasswordEncoder) {
        super();
        this.appUserService = appUserService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http

                .cors().and()
                .csrf().disable()
                .authorizeRequests()
                    .antMatchers("/registration/**"/*,SecurityConstraint.ROLE_ALL_AUTHENTICATED_USE*/)
                    .permitAll()
                .anyRequest()
                .authenticated().and()
                .formLogin();                 

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider =
                new DaoAuthenticationProvider();
        provider.setPasswordEncoder(bCryptPasswordEncoder);
        provider.setUserDetailsService(appUserService);
        return provider;
    }
}

This is what happens when I test the POST method for login at http://localhost:8080/login in Postman:

[![enter image description here][1]][1]

gpnt7bae1#

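The CORS (cross-origin resource sharing) filter is added to the Spring Security configuration when you add http.cors(). This means that only requests from the same origin will be served. To have cross-origin requests served, you need to add configuration for this. Add the bean below to your security configuration. For more details, check the link.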

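// Imports needed at the top of the security configuration class
import java.util.Arrays;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // Origins you want to allow; must match the front-end origin exactly (scheme, host, port)
        configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST")); // methods you want to allow
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration); // apply to every path
        return source;
    }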
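
An added example, not part of the answer above: it runs the checks Spring applies to a preflight (origin, method, requested headers) against a `CorsConfiguration` for the origin named in the question's browser error. The names `CorsPreflightCheck`, `preflightAllowed` and `expect` are hypothetical, and it assumes spring-web on the classpath and a front end whose preflight requests the `Content-Type` header.

```java
import java.util.Arrays;
import java.util.List;

import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;

// Added example (hypothetical class name); needs spring-web on the classpath.
public class CorsPreflightCheck {

    // A preflight passes only if origin, method and requested headers are all allowed.
    static boolean preflightAllowed(CorsConfiguration cfg, String origin,
                                    HttpMethod method, List<String> requestHeaders) {
        return cfg.checkOrigin(origin) != null
                && cfg.checkHttpMethod(method) != null
                && cfg.checkHeaders(requestHeaders) != null;
    }

    // Fails loudly if a check does not behave as described.
    static void expect(boolean condition, String what) {
        if (!condition) throw new IllegalStateException("unexpected: " + what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        String frontend = "http://localhost:3000"; // origin named in the browser error

        CorsConfiguration cfg = new CorsConfiguration();
        cfg.setAllowedOrigins(Arrays.asList(frontend));
        cfg.setAllowedMethods(Arrays.asList("GET", "POST"));

        // Origin comparison is exact on scheme, host and port.
        expect(cfg.checkOrigin(frontend) != null, "configured origin accepted");
        expect(cfg.checkOrigin("https://localhost:3000") == null, "other scheme rejected");
        expect(cfg.checkOrigin("http://localhost:300") == null, "other port rejected");

        // Assumption: the front end posts JSON, so its preflight requests Content-Type.
        List<String> asked = Arrays.asList("Content-Type");
        expect(!preflightAllowed(cfg, frontend, HttpMethod.POST, asked),
                "preflight rejected while no request headers are allowed");

        cfg.setAllowedHeaders(Arrays.asList("Content-Type"));
        expect(preflightAllowed(cfg, frontend, HttpMethod.POST, asked),
                "preflight accepted once Content-Type is allowed");
        expect(!preflightAllowed(cfg, frontend, HttpMethod.PUT, asked),
                "method outside GET/POST still rejected");
    }
}
```

Listing only the specific origins, methods and headers the front end needs keeps the policy narrow; a rejected preflight shows up in the browser as the missing `Access-Control-Allow-Origin` error quoted in the question.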
