为什么在spring boot中向安全资源提交请求时出现cors错误？

laximzn5 于 2021-09-29 发布在 Java

关注(0)|答案(1)|浏览(242)

我已经使用jwt令牌在我的应用程序中实现了Spring Security ，我在Spring Security 中有以下配置：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(        
        prePostEnabled = true)  
public class MSSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    @Autowired
    private AuthEntryPointJwt unauthorizedHandler;

    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        return new AuthTokenFilter();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
         web.ignoring().antMatchers("/companies/UnAuth/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()           
            .authorizeRequests()
            .antMatchers("/companies/Auth/**").authenticated()
            .antMatchers("/companies/Auth/Update").authenticated()
            .antMatchers("/companies/Auth/Delete").authenticated();

        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }

我在相关控制器上有以下cors注解：

@CrossOrigin(origins = "http://localhost:4200", maxAge = 3600)
@RestController
@RequestMapping("/companies")
@Slf4j
public class CompanyController {

我试图在angular中将以下内容添加到http侦听器中：

authReq.headers.set("Access-Control-Allow-Origin", "http://localhost:4200");
    authReq.headers.set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

从angular 9应用程序提交请求时，我无法通过安全检查，并且我收到cors错误：

`Access to XMLHttpRequest at 'http://localhost:9001/companies/Auth/Update' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resourc`e.

spring-boot spring-security

来源：https://stackoverflow.com/questions/68540258/why-i-get-cors-error-when-submitting-a-request-to-secured-resource-in-spring-boo

1条答案

按热度按时间

ws51t4hk1#

请求不包含“access control allow origin”标题，您应该将其添加到标题中，它允许远程计算机访问您通过rest发送的内容。
如果要允许所有远程主机访问您的api内容，应按如下方式添加：

Access-Control-Allow-Origin: *

您还可以指定特定的主机：

Access-Control-Allow-Origin: http://example.com

您应该在pom.xml文件中修改依赖项并允许cors标头，从access control allow origin标头中选择appart您还需要向请求中添加一些内容，请在此处查找更多信息：
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

赞(0）回复(0）举报 2021-09-29

我来回答

为什么在spring boot中向安全资源提交请求时出现cors错误？

1条答案

相关问题

热门标签

最新问答