Spring Boot Sping Boot 总是抛出403和CORS策略错误

qncylg1j  于 2024-01-06  发布在  Spring
关注(0)|答案(2)|浏览(234)

我是Sping Boot 和VueJS的新手。我正在开发一个Web应用程序,使用Vue前端和Sping Boot 后端,通过Google SDK登录Google。前端和后端工作正常,但两者之间的通信不起作用。当我试图通过BackendService.js向后端发出GET调用时,我在浏览器控制台中收到以下错误消息。

  1. Access to XMLHttpRequest at 'BACKEND_URL/match/231' from origin 'FRONTEND_URL' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
  3. GET BACKEND_URL/match/231 net::ERR_FAILED 403 (Forbidden)
  5. Uncaught (in promise) AxiosError {message: 'Network Error', name: 'AxiosError', code: 'ERR_NETWORK', config: {…}, request: XMLHttpRequest, …}

字符串
以下是我的 Spring 课程www.example.com:

  1. @Configuration
  2. @EnableWebSecurity
  3. public class SecurityConfig{
  5.     @Bean
  6.     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
  7.         http.authorizeRequests();
  8.         CorsConfiguration cors = new CorsConfiguration();
  9.         cors.setAllowedOrigins(List.of("FRONTEND_URL"));
  10.         cors.setAllowedHeaders(List.of("*"));
  11.         cors.setAllowCredentials(true);
  12.         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  13.         source.registerCorsConfiguration("/**", cors);
  14.         http.authorizeRequests().anyRequest().authenticated();
  15.         http.csrf().disable();
  16.         http.cors().disable();
  17.         return http.build();
  18.     }
  19. }


公司简介

  1. <modelVersion>4.0.0</modelVersion>
  2.     <parent>
  3.         <groupId>org.springframework.boot</groupId>
  4.         <artifactId>spring-boot-starter-parent</artifactId>
  5.         <version>3.2.0</version>
  6.         <relativePath/>
  7.     </parent>
  8.     <groupId>com.example</groupId>
  9.     <artifactId>MatchMaker_BE</artifactId>
  10.     <version>0.0.1-SNAPSHOT</version>
  11.     <name>MatchMaker_BE</name>
  12.     <description>MatchMaker_BE</description>
  13.     <properties>
  14.         <java.version>21</java.version>
  15.     </properties>
  16.     <dependencies>
  17.         <dependency>
  18.             <groupId>org.springframework.boot</groupId>
  19.             <artifactId>spring-boot-starter-thymeleaf</artifactId>
  20.         </dependency>
  21.         <dependency>
  22.             <groupId>org.springframework.boot</groupId>
  23.             <artifactId>spring-boot-starter-web</artifactId>
  24.         </dependency>
  26.         <dependency>
  27.             <groupId>com.mysql</groupId>
  28.             <artifactId>mysql-connector-j</artifactId>
  29.             <scope>runtime</scope>
  30.         </dependency>
  31.         <dependency>
  32.             <groupId>org.springframework.boot</groupId>
  33.             <artifactId>spring-boot-starter-test</artifactId>
  34.             <scope>test</scope>
  35.         </dependency>
  36.         <dependency>
  37.             <groupId>org.springframework.boot</groupId>
  38.             <artifactId>spring-boot-starter-security</artifactId>
  39.         </dependency>
  40.         <dependency>
  41.             <groupId>org.springframework.security</groupId>
  42.             <artifactId>spring-security-config</artifactId>
  43.             <version>6.2.0</version>
  44.         </dependency>
  45.         <dependency>
  46.             <groupId>org.springframework.boot</groupId>
  47.             <artifactId>spring-boot-autoconfigure</artifactId>
  48.             <version>3.2.0</version>
  49.         </dependency>
  50.         <dependency>
  51.             <groupId>org.springframework.security</groupId>
  52.             <artifactId>spring-security-oauth2-client</artifactId>
  53.             <version>6.2.0</version>
  54.         </dependency>
  56.     </dependencies>
  58.     <build>
  59.         <plugins>
  60.             <plugin>
  61.                 <groupId>org.springframework.boot</groupId>
  62.                 <artifactId>spring-boot-maven-plugin</artifactId>
  63.             </plugin>
  64.         </plugins>
  65.     </build>
  67. </project>


我的Vue前端的BackendService.js

  1. import axios from "axios";
  3. const BACKEND_BASE_URL = "BACKEND_URL"
  4. //const accessToken = localStorage.getItem("userInfo");
  5. //const headers = {Authorization: "Bearer " + accessToken};
  7. class BackendService{
  8.     getMatch(matchId){
  9.         console.log("Übermittelt match ID: " + matchId);
  10.         const requestURI = BACKEND_BASE_URL + "/match/" + matchId;
  11.         console.log("Übermittelt an: " + requestURI);
  12.         return axios.get(requestURI/*, {headers: headers}*/);
  13.     }
  14. }
  16. export default new BackendService()


我还尝试使用另一个www.example.com类,但这并没有改变任何东西

  1. @Configuration
  2. @EnableWebMvc
  3. public class WebConfig implements WebMvcConfigurer {
  5.     @Bean
  6.     public CorsFilter corsFilter() {
  7.         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  8.         CorsConfiguration config = new CorsConfiguration();
  10.         // Erlaube Anfragen von allen Ursprüngen
  11.         config.addAllowedOrigin("FRONTEND_URL");
  13.         // Erlaube bestimmte HTTP-Methoden (GET, POST, etc.)
  14.         config.addAllowedMethod("*");
  16.         // Erlaube bestimmte HTTP-Header
  17.         config.addAllowedHeader("*");
  19.         source.registerCorsConfiguration("/**", config);
  21.         return new CorsFilter(source);
  22.     }
  23. }


我已经在我的SecurityConfig中尝试了不同的变体。我认为类WebSecurityConfigurerAdapter不适用于我的Java版本。
我也想过使用我从Google SDK获得的信息作为后端调用的头令牌,但我不知道如何在后端验证令牌时,我根本无法到达它。

spring-boot

2条答案

按热度按时间
hgtggwj0

hgtggwj01#

尝试添加FilterRegistrationBean bean而不是CorsFilter
@Bean FilterRegistrationBean customCorsFilter(){

  1. UrlBasedCorsConfigurationSource source =
  2.     new UrlBasedCorsConfigurationSource();
  3.   CorsConfiguration config = new CorsConfiguration();
  4.   config.setAllowCredentials(false);
  5.   config.addAllowedOrigin(this.allowedOrigins);
  6.   config.addAllowedHeader("*");
  7.   config.addAllowedMethod("*");
  8.   source.registerCorsConfiguration("/**", config);
  10. FilterRegistrationBean<CorsFilter> bean =
  11.     new FilterRegistrationBean<>(new CorsFilter(source));
  12. bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
  13. return bean;

字符串
}

展开查看全部
赞(0)分享  回复(0)举报  2024-01-06
8gsdolmq

8gsdolmq2#

您必须禁用HTTP OPTIONS方法的身份验证(预检请求)。

  1. http
  2.             .authorizeHttpRequests(authorize -> authorize
  3.                     .requestMatchers(mvc.pattern(HttpMethod.OPTIONS, "/**")).permitAll()
  4.                     .anyRequest().authenticated()
  5.             )

字符串

赞(0)分享  回复(0)举报  2024-01-06
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com