stackoom
  简体   繁体   中英

Spring Security OAuth2 CORS issue for Authorization header

 原文  2016-03-10 09:57:15       java/ spring-security/ cors/ authorization/ spring-oauth2

Question

I use <spring.version>4.2.0.RELEASE</spring.version> , <spring.security.version>4.0.2.RELEASE</spring.security.version> , and <spring.security.oauth2.version>2.0.9.RELEASE</spring.security.oauth2.version> .

I use @CrossOrigin to dela with CORS. For now, I want to allow all the headers and all the methods. I can use any of the other headers than Authorization without any CORS issue. But with Authorization(header to send Bearer token), I get CORS issue. I use @CrossOrigin annotatiion at Class level and allow all the headers as below -

@CrossOrigin(allowedHeaders = {"*"})

No 'Access-Control-Allow-Origin' header is present on the requested resource

How can I allow Authorization header as well as I did all other headers and avoid CORS issues?

1 answers

solution1
 1  2016-03-11 00:40:18

You can add the following to any configuration file:

@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration corsConfiguration = new CorsConfiguration();
    corsConfiguration.setAllowCredentials(true);
    corsConfiguration.addAllowedOrigin("*");
    corsConfiguration.addAllowedHeader("*");
    corsConfiguration.addAllowedMethod("*");
    urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
    return new CorsFilter(urlBasedCorsConfigurationSource);
}

EDIT For XML configuration, you could create a custom filter and add it to your filter chain:

public class CorsFilter implements Filter {

  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletResponse response = (HttpServletResponse) res;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "*");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "*");
    chain.doFilter(req, res);
  }

  public void init(FilterConfig filterConfig) {}

  public void destroy() {}

}

XML config 

<security:filter-chain-map>
    <sec:filter-chain pattern="/**"
        filters="
        ConcurrentSessionFilterAdmin, 
        securityContextPersistenceFilter, 
        logoutFilterAdmin, 
        usernamePasswordAuthenticationFilterAdmin, 
        basicAuthenticationFilterAdmin, 
        requestCacheAwareFilter, 
        securityContextHolderAwareRequestFilter, 
        anonymousAuthenticationFilter, 
        sessionManagementFilterAdmin, 
        exceptionTranslationFilter, 
        filterSecurityInterceptorAdmin,
        CorsFilter"/>
</security:filter-chain-map>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question CORS Spring Security Oauth2 Spring Oauth2 CORS issue CORS interfering with Spring Security oauth2 User authorization in spring security using OAuth2 OAuth2 authorization with Spring Security and Rabbitmq Spring security OAuth2 authorization process Spring Security OAuth2 correct Authorization Manager oauth2 authorization with 3.0.5 spring security spring boot security oauth2 preflight issue OpenID (OAuth2) Authorization failing using Spring Boot and Spring Security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM