堆栈内存溢出
  简体   繁体   English

Spring CorsFilter似乎在预检请求中仍然收到401仍然无法正常工作

[英]Spring CorsFilter does not seem to work still receiving a 401 on preflight requests

 原文  2016-07-27 00:01:26       java/ spring/ spring-security/ cors

问题描述

Hi I'm new to spring security and trying to figure out how to configure auth server to issue tokens. 嗨,我是Spring Security的新手,正在尝试弄清楚如何配置身份验证服务器以颁发令牌。 the problem i have right now is that I'm receiving 401 or 403 on the Cors preflight requests and not sure how to resolve below is a barebone implementation of it based on few tutorials 我现在遇到的问题是,我在Cors预检请求中收到401或403,不确定下面如何解决是基于一些教程的准系统实现

https://spring.io/blog/2015/06/08/cors-support-in-spring-framework http://www.baeldung.com/spring-security-oauth-jwt https://spring.io/blog/2015/06/08/cors-support-in-spring-framework http://www.baeldung.com/spring-security-oauth-jwt 

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
@PropertySource(value = "classpath:oauth.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserRepository userRepository;


    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }


    @Override
    public void configure(WebSecurity web) throws Exception {

        super.configure(web);
    }

    @Autowired
    ObjectMapper mapper;




    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();

        http.authorizeRequests().antMatchers(HttpMethod.OPTIONS,"/oauth/token").permitAll()
        .anyRequest().authenticated();
    }




    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception{

        auth.inMemoryAuthentication().
        withUser("john").password("123").roles("USER").
        and().
        withUser("tom").password("111").roles("ADMIN");

    }
    @Bean
    public FilterRegistrationBean corsFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter2());
        bean.setOrder(0);
        return bean;
    }


}


@Configuration
@EnableAuthorizationServer
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter{

    @Autowired
    private Environment env;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;


    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer){
        oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }


    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception{
        clients.inMemory().withClient("acme").secret("acmesecret").authorizedGrantTypes("authorization_code", "refresh_token",
                  "password").scopes("openId");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints){
        final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(),accessTokenConverter()));
        endpoints.tokenStore(tokenStore())
                 .tokenEnhancer(tokenEnhancerChain)
                 .authenticationManager(authenticationManager);

    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter(){
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        return converter;
    }

    @Bean
    public TokenStore tokenStore(){

        return new JwtTokenStore(accessTokenConverter());

    }

    @Bean
    public FilterRegistrationBean corsFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter2());
        bean.setOrder(0);
        return bean;
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }
}

the CorsFilter2 is spring cors filter that was introduced in spring 4.2 I was i'm using it to insert the proper response headers to send back to the client. CorsFilter2是在春季4.2中引入的spring cors过滤器,当时我正在使用它来插入适当的响应头以发送回客户端。

1 个解决方案

解决方案1
 0 已采纳  2016-07-27 16:51:23

So I figured out what my problem I had to configure my websecurity to ignore CoresRequest request as well so inside the configure block for the websecurity i had to set this 因此,我想出了我必须配置Web安全性以忽略CoresRequest请求的问题,因此必须在WebSecurity的configure块中设置此设置 

    web.ignoring().requestMatchers(CorsUtils::isPreFlightRequest);

and it started to work. 它开始起作用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Boot 和 PreFlight 请求 - Spring Boot and PreFlight requests Spring SmartLifeCycle似乎不适用于后期构造 - Spring SmartLifeCycle does not seem to work with post construct Spring portlet mvc: @Valid 似乎不起作用 - Spring portlet mvc: @Valid does not seem to work 预检的响应具有无效的HTTP状态代码401 - Spring - Response for preflight has invalid HTTP status code 401 - Spring Spring 开机选错 CorsFilter - Spring boot is picking wrong CorsFilter 在Spring和init-method中嵌套抽象bean似乎不起作用 - Nesting abstract beans in Spring and init-method does not seem to work 嵌套列表中的属性发布在 spring mvc 中似乎不起作用 - Post of properties in a nested list does not seem to work in spring mvc ExpireAfterWrite似乎不起作用 - ExpireAfterWrite does not seem to work Cors 使用 CorsFilter 和 spring 安全性时出错 - Cors Error when using CorsFilter and spring security 为什么Spring的MessageDigestPasswordEncoder将`{}`放入盐中? 其javadoc中的示例似乎不起作用 - Why does Spring's MessageDigestPasswordEncoder take `{}` into the salt? The example in its javadoc does not seem to work
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM