spring 如何在Sping Boot 3.0+上解决CORS

xfyts7mz  于 2023-04-10  发布在  Spring
关注(0)|答案(1)|浏览(261)

Spring boot版本3.0.+Spring Security中,身份验证不起作用,并且所有POST请求都不起作用。
CORS策略已阻止从源“http://localhost:3000”访问位于“http://localhost:9090/api/rest/users/auth”的XMLHttpRequest:对印前检查请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。
然而,GET请求工作,并没有给予这个错误。所有建议工作在3.0以下的Spring boot版本。类型https://reflectoring.io/spring-cors/不工作。我使用REST配置与JWT Token实现WebMvcConfigurer
我已经尝试在请求的前端和后端的响应端连接所有推荐的头,但没有任何帮助。显然,问题是在这些版本的非常小的。谁遇到过这个问题并解决了它,请回复。

  1. @Override
  2. protected void doFilterInternal(HttpServletRequest request,
  3.                                 HttpServletResponse response,
  4.                                 FilterChain filterChain) throws ServletException, IOException {
  6.     response.setHeader("Access-Control-Allow-Origin", "*");
  7.     response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");
  8.     response.setHeader("Access-Control-Max-Age", "3600");
  9.     response.setHeader("Access-Control-Allow-Headers",
  10.             "Accept-Encoding, origin, content-type, accept, token, x-auth-token, Access-Control-Allow-Origin, " +
  11.                     "Access-Control-Allow-Methods, Access-Control-Max-Age, Access-Control-Allow-Headers, " +
  12.                     "Content-Language, Content-Length, Keep-Alive, Authorization");
  15. @RestController
  16. @RequestMapping("/users")
  17. @Slf4j
  18. @SecurityRequirement(name = "Bearer Authentication")
  19. @CrossOrigin(origins = "http://localhost:3000", allowedHeaders = "*")
  20. //localhost:9090/api/rest/users
  21. public class UserController extends GenericController<User, UserDTO>
  22. {
  23.     private final CustomUserDetailsService customUserDetailsService;
  24.     private final JWTTokenUtil jwtTokenUtil;
  25.     private final UserService userService;
  27.     public UserController(UserService userService,
  28.                           CustomUserDetailsService customUserDetailsService,
  29.                           JWTTokenUtil jwtTokenUtil) {
  30.         super(userService);
  31.         this.customUserDetailsService = customUserDetailsService;
  32.         this.jwtTokenUtil = jwtTokenUtil;
  33.         this.userService = userService;
  34.     }
  35.     @PostMapping("/auth")
  36.     public ResponseEntity<?> auth(@RequestBody LoginDTO loginDTO) {
  37.         Map<String, Object> response = new HashMap<>();
  38.         log.info("LoginDTO: {}", loginDTO);
  39.         UserDetails foundUser = customUserDetailsService.loadUserByUsername(loginDTO.getLogin());
  40.         log.info("foundUser, {}", foundUser);
  41.         if (!userService.checkPassword(loginDTO.getPassword(), foundUser)) {
  42.             return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Ошибка авторизации!\nНеверный пароль");
  43.         }
  44.         String token = jwtTokenUtil.generateToken(foundUser);
  45.         response.put("token", token);
  46.         response.put("username", foundUser.getUsername());
  47.         response.put("authorities", foundUser.getAuthorities());
  48.         return ResponseEntity.ok().body(response);
  49.     }
  50. }
  52. @Configuration
  53.     @EnableWebSecurity
  54.     public class WebSecurityConfig {
  55.     
  56.         @Bean
  57.         public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
  58.             http
  59.                 // by default uses a Bean by the name of corsConfigurationSource
  60.                 .cors(withDefaults())
  61.                 ...
  62.             return http.build();
  63.         }
  64.     
  65.         @Bean
  66.         CorsConfigurationSource corsConfigurationSource() {
  67.             CorsConfiguration configuration = new CorsConfiguration();
  68.             configuration.setAllowedOrigins(Arrays.asList("https://example.com"));
  69.             configuration.setAllowedMethods(Arrays.asList("GET","POST"));
  70.             UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  71.             source.registerCorsConfiguration("/**", configuration);
  72.             return source;
  73.         }
  74.     }
  76.     import {useAuthUserAppStore} from "@/store/app";
  77. import LoginDTO from "@/models/LoginDTO";
  79. class AuthService {
  80.   login(loginDTOUser: LoginDTO) {
  81.     const user = {
  82.       login: loginDTOUser.login,
  83.       password: loginDTOUser.password
  84.     }
  85.     const serializedUser = JSON.stringify(user);
  86.     return http
  87.       .post('/users/auth', serializedUser)
  88.       .then(response => {
  89.         if (response.data.accessToken) {
  90.           useAuthUserAppStore().changeAuthUser(JSON.stringify(response.data))
  91.           console.log(useAuthUserAppStore().authUser)
  92.         }
  94.         return response.data;
  95.       });
  96.   }
spring

1条答案

按热度按时间
4zcjmb1e

4zcjmb1e1#

在类JWTSecurityConfig中,我删除了bean:

  1. @Bean
  2. public HttpFirewall httpFirewall() {       
  3.     StrictHttpFirewall firewall = new 
  4.     StrictHttpFirewall();       
  5.     firewall.setAllowUrlEncodedPercent(true);
  6.     firewall.setAllowUrlEncodedSlash(true);
  7.     firewall.setAllowSemicolon(true);
  8.     firewall.setAllowedHttpMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
  9.     return firewall;
  10. }
赞(0)分享  回复(0)举报  2023-04-10
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com