spring安全cors登录

pw9qyyiw  于 2021-07-24  发布在  Java
关注(0)|答案(1)|浏览(269)

我有两个不同的客户端和服务器域。
我的服务器(实际上是一个restapi)使用springsecurity运行,下面是我的安全配置代码

@Override  
public void configure(HttpSecurity http) throws Exception {  
    http  
        .cors().and().csrf().disable()
        .authorizeRequests()  
        .anyRequest().authenticated()  
        .and()  
        .formLogin()
        .and()
        .httpBasic();  
}  

@Override  
protected void configure(AuthenticationManagerBuilder auth) throws Exception {  
    auth.inMemoryAuthentication()  
        .withUser("user")  
        .password("{noop}pass") 
        .roles("ADMIN");
}  

@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowCredentials(true);
    configuration.setAllowedOrigins(Arrays.asList("https://clientdoamin.com"));
    configuration.setAllowedMethods(Arrays.asList("*"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

但是我想通过我的客户机域登录,并且能够在以后进行ajax调用,而无需在每次请求时登录!
请帮帮我!!

qfe3c7zg

qfe3c7zg1#

您可以在springsecurity中尝试会话管理。请看详细说明https://docs.spring.io/spring-session/docs/2.1.x/reference/html/spring-security.html

相关问题