I use <spring.version>4.2.0.RELEASE</spring.version>, <spring.security.version>4.0.2.RELEASE</spring.security.version>, and <spring.security.oauth2.version>2.0.9.RELEASE</spring.security.oauth2.version>.
I use @CrossOrigin to deal with CORS. For now, I want to allow all the headers and all the methods. I can use any header other than Authorization without any CORS issue. But with Authorization (the header used to send the Bearer token), I get a CORS issue. I use the @CrossOrigin annotation at class level and allow all the headers as below:
    @CrossOrigin(allowedHeaders = {"*"})
No 'Access-Control-Allow-Origin' header is present on the requested resource
How can I allow Authorization header as well as I did all other headers and avoid CORS issues?
You can add the following to any configuration file:
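    import org.springframework.context.annotation.Bean;
    import org.springframework.web.cors.CorsConfiguration;
    import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
    import org.springframework.web.filter.CorsFilter;

    @Bean
    public CorsFilter corsFilter() {
        final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration corsConfiguration = new CorsConfiguration();
        // With credentials allowed and origin "*", Spring 4.2 echoes the caller's Origin,
        // so every site may send credentialed requests; list real origins outside of testing.
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        // Apply this CORS configuration to every path.
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }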
EDIT: For XML configuration, you could create a custom filter and add it to your filter chain:
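    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletResponse;

    public class CorsFilter implements Filter {
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) res;
            // Set the CORS headers before the rest of the chain runs.
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Access-Control-Allow-Methods", "*");
            response.setHeader("Access-Control-Max-Age", "3600");
            // The "*" wildcard does not cover Authorization, so it is also named explicitly.
            response.setHeader("Access-Control-Allow-Headers", "*, Authorization");
            chain.doFilter(req, res);
        }
        public void init(FilterConfig filterConfig) {}
        public void destroy() {}
    }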
XML config:
    <security:filter-chain-map>
        <!-- CorsFilter comes first so its headers are also set on responses that the security filters reject -->
        <sec:filter-chain pattern="/**"
            filters="
                CorsFilter,
                ConcurrentSessionFilterAdmin,
                securityContextPersistenceFilter,
                logoutFilterAdmin,
                usernamePasswordAuthenticationFilterAdmin,
                basicAuthenticationFilterAdmin,
                requestCacheAwareFilter,
                securityContextHolderAwareRequestFilter,
                anonymousAuthenticationFilter,
                sessionManagementFilterAdmin,
                exceptionTranslationFilter,
                filterSecurityInterceptorAdmin"/>
    </security:filter-chain-map>