CORS 不适用于 Spring Boot 和 AngularJS
CORS not working with Spring Boot and AngularJS
我将 in Spring Boot and How do I get basic auth working in AngularJS? 中的代码用于 AngularJS。
在我设置基本身份验证之前,CORS 正在运行。身份验证本身在服务器上单独工作,但不能组合使用。
是的,我正在使用 Chrome,我了解到 CORS 并不总是正确工作;
但它工作正常,当我构建服务器并在线启动它时(spring 启动端口 8080),它也没有工作。
我得到:Refused to set unsafe header "Access-Control-Request-Headers" 和典型的 Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63344' is therefore not allowed access. The response had HTTP status code 401. 错误。
Spring 开机
CORS
@Configuration
public class RestConfiguration {
/**
* until https://jira.spring.io/browse/DATAREST-573
*/
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
// return new CorsFilter(source);
final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
安全
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String username = "dummy";
private static final String password = "dummy";
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests() //Authorize Request Configuration
.antMatchers("/api/**").hasRole("API")
.anyRequest().authenticated()
.and() //HTTP basic Authentication only for API
.antMatcher("/api/**").httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser(username).password(password).roles("API");
}
}
AngularJS
app.config(function ($httpProvider, Base64Provider) {
//
$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common["X-Requested-With"];
$httpProvider.defaults.headers.common["Accept"] = "application/json";
$httpProvider.defaults.headers.common["Content-Type"] = "application/json";
$httpProvider.defaults.headers.common["Access-Control-Request-Headers"] = "accept, content-type, origin, authorization";
$httpProvider.defaults.headers.common['Authorization'] = 'Basic ' + Base64Provider.encode('dummy' + ':' + 'dummy');
});
您需要在安全配置中添加cors过滤器。
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
.authorizeRequests()
.antMatchers("/api/**").hasRole("API")
.anyRequest().authenticated()
.and()
.antMatcher("/api/**").httpBasic();
}
}
我将
在我设置基本身份验证之前,CORS 正在运行。身份验证本身在服务器上单独工作,但不能组合使用。
是的,我正在使用 Chrome,我了解到 CORS 并不总是正确工作;
但它工作正常,当我构建服务器并在线启动它时(spring 启动端口 8080),它也没有工作。
我得到:Refused to set unsafe header "Access-Control-Request-Headers" 和典型的 Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63344' is therefore not allowed access. The response had HTTP status code 401. 错误。
Spring 开机
CORS
@Configuration
public class RestConfiguration {
/**
* until https://jira.spring.io/browse/DATAREST-573
*/
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
// return new CorsFilter(source);
final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
安全
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String username = "dummy";
private static final String password = "dummy";
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests() //Authorize Request Configuration
.antMatchers("/api/**").hasRole("API")
.anyRequest().authenticated()
.and() //HTTP basic Authentication only for API
.antMatcher("/api/**").httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser(username).password(password).roles("API");
}
}
AngularJS
app.config(function ($httpProvider, Base64Provider) {
//
$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common["X-Requested-With"];
$httpProvider.defaults.headers.common["Accept"] = "application/json";
$httpProvider.defaults.headers.common["Content-Type"] = "application/json";
$httpProvider.defaults.headers.common["Access-Control-Request-Headers"] = "accept, content-type, origin, authorization";
$httpProvider.defaults.headers.common['Authorization'] = 'Basic ' + Base64Provider.encode('dummy' + ':' + 'dummy');
});
您需要在安全配置中添加cors过滤器。
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
.authorizeRequests()
.antMatchers("/api/**").hasRole("API")
.anyRequest().authenticated()
.and()
.antMatcher("/api/**").httpBasic();
}
}