我收到了以下错误。有人可以帮助我如何配置弹簧安全弹簧启动时的 cors。在 angularjs 中我有什么必须做的 UI 方面。
无法加载http://localhost:8080/SpringGeolocation/login:请求的资源上没有“Access-Control-Allow-Origin”标头。因此不允许原点'http://localhost:8000'访问。 (index):70 {readyState:0,getResponseHeader:ƒ,getAllResponseHeaders:ƒ,setRequestHeader:ƒ,overrideMimeType:ƒ,...} all.min.js:9566 Cross-Origin 读取阻止(CORB)阻止了 cross-origin 响应http://localhost:8080/SpringGeolocation/login,MIME 类型为 application/json。有关详细信息,请参阅https://www.chromestatus.com/feature/5629709824032768。
弹簧靴 2 和弹簧安全
包 com.geo.config;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import com.geo.security.LogoutSuccessHandler;
import com.geo.security.RestUnauthorizedEntryPoint;
@EnableWebSecurity
@Configuration
//@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);
public static final String REMEMBER_ME_KEY = "rememberme_key";
public SecurityConfiguration() {
super();
logger.info("loading SecurityConfig ................................................ ");
}
@Autowired
private RestUnauthorizedEntryPoint restAuthenticationEntryPoint;
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private AccessDeniedHandler restAccessDeniedHandler;
@Autowired
private AuthenticationSuccessHandler restAuthenticationSuccessHandler;
@Autowired
private AuthenticationFailureHandler restAuthenticationFailureHandler;
@Autowired
private RememberMeServices rememberMeServices;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Autowired
LogoutSuccessHandler logoutSuccessHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests().antMatchers("/user/**").hasAnyAuthority("admin", "user")
.anyRequest().authenticated().antMatchers("/role/**").hasAnyAuthority("admin")
.and().exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.accessDeniedHandler(restAccessDeniedHandler).and().formLogin().loginPage("/login") // by putting this
// or by applying
// authentication
// entrypoint default login page would not appear
// .loginProcessingUrl("/authenticate")
.successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler)
.usernameParameter("username").passwordParameter("password").permitAll().and().logout()
.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler).deleteCookies("JSESSIONID").permitAll()
.and().rememberMe().rememberMeServices(rememberMeServices).rememberMeParameter("remember-me")
.rememberMeCookieName("remember-me").key(REMEMBER_ME_KEY);
}
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
web.ignoring().antMatchers("/resources/**", "/index.html", "/login.html", "/partials/**", "/template/**", "/",
"/error/**");
}
}
属性文件
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5InnoDBDialect
spring.datasource.url=jdbc:mysql://localhost:3306/googlemap
spring.datasource.username=root
spring.datasource.password=root
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
# logging
logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %msg%n
logging.level.org.hibernate.SQL=debug
logging.level.root=info
#server.error.whitelabel.enabled=false
spring.aop.proxy-target-class=false
management.endpoints.web.cors.allowed-origins=http://localhost:8080
management.endpoints.web.cors.allowed-methods=GET,POST,PUT,DELETE,HEAD
@Configuration
@EnableWebMvc
@ComponentScan("com.geo")
public class AppConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD")
.allowedOrigins("http://localhost:8080");
}
}
1 回答
添加允许标头和公开标头应该可行。