使用Spring Security和Vue.js配置CORS

我创建了一个Vue-Spring登录API，看起来是正确的。
AuthForm.vue

methods: {
  try_auth() {
    if (this.check()) {
      axios.post('http://localhost:8080/api/login', {
        params: {
          login: this.usr.login,
          password: this.usr.password
        }
      });
    }
  },
}

字符串
LoginController.java:

@RestController
@RequestMapping("/api")
@CrossOrigin("http://localhost:8081")
public class LoginContoller {
    @RequestMapping(method = RequestMethod.POST, path="/login")
    public ResponseEntity<String> handleLoginRequest(@RequestParam String login, @RequestParam String password) {
        return ResponseEntity.ok("Authentication successful: " + login + " " + password);
    }
}

型
SecurityConfig.java:

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedHeaders(List.of("Authorization", "Cache-Control", "Content-Type"));
        corsConfiguration.setAllowedOrigins(List.of("*"));
        corsConfiguration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PUT","OPTIONS","PATCH", "DELETE"));
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.setExposedHeaders(List.of("Authorization"));
        http.cors(Customizer.withDefaults())
                .authorizeHttpRequests((authorizeRequests) ->
                        authorizeRequests
                                .requestMatchers("/**").hasRole("USER")
                )
                .formLogin((formLogin) ->
                        formLogin
                                .loginPage("/login")
                                .defaultSuccessUrl("/main")
                                .permitAll()
                );
        return http.build();
    }
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
        UserDetails user =
                User.builder()
                        .username("user")
                        .password(passwordEncoder.encode("password"))
                        .roles("USER")
                        .build();
        return new InMemoryUserDetailsManager(user);
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

型
然而，当我尝试执行try_auth()方法时，我在控制台中得到了x1c 0d1x。我实现错了什么？Vue项目部署在8081端口，Tomcat运行在8080端口，我的问题和CORS issue - No 'Access-Control-Allow-Origin' header is present on the requested resource不同，因为这个方案不适合我，我仍然得到403错误，不知道如何修复它。我的LoginController可能被错误地使用。所以，这是我修复后的代码：LoginController没有改变。前端的Axios也没有改变。SecurityConfig：

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.cors(withDefaults())
                .authorizeHttpRequests((authorizeRequests) ->
                        authorizeRequests
                                .requestMatchers("/**").hasRole("USER")
                )
                .formLogin((formLogin) ->
                        formLogin
                                .loginPage("/login")
                                .defaultSuccessUrl("/main")
                                .permitAll()
                );
        return http.build();
    }
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
        UserDetails user =
                User.builder()
                        .username("user")
                        .password(passwordEncoder.encode("password"))
                        .roles("USER")
                        .build();
        return new InMemoryUserDetailsManager(user);
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(List.of("http://localhost:8081"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

型
还有

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/api/login. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403.

型

为什么出错：

你的http.cors在SecurityConfig.java不允许请求形式端口8081.这是Spring默认安全现象
如何解决这个问题：
你必须允许你的端口8081在java应用程序内.我们可以这样做如下
您需要更新registry.addMapping和allowedMethods

@Configuration
public class CorsConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/api/**")
                .allowedOrigins("http://localhost:8081")
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                .allowedHeaders("*");
    }
}

字符串

请更新您的安全配置如下

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http    .csrf(AbstractHttpConfigurer::disable)
                .cors(Customizer.withDefaults())
                .authorizeHttpRequests((authorizeRequests) ->
                        authorizeRequests
                                .requestMatchers("/**").hasRole("USER")
                )
                .formLogin((formLogin) ->
                        formLogin
                                .loginPage("/login")
                                .defaultSuccessUrl("/main")
                                .permitAll()
                );
        return http.build();
}

型

展开查看全部

使用Spring Security和Vue.js配置CORS

1条答案

相关问题

热门标签

最新问答