[英]Spring Security OAuth2 CORS issue for Authorization header
我使用<spring.version>4.2.0.RELEASE</spring.version>
、 <spring.security.version>4.0.2.RELEASE</spring.security.version>
和<spring.security.oauth2.version>2.0.9.RELEASE</spring.security.oauth2.version>
。
我使用@CrossOrigin
來處理 CORS。 現在,我想允許所有標題和所有方法。 我可以使用除 Authorization 之外的任何其他標頭而沒有任何 CORS 問題。 但是使用授權(發送承載令牌的標頭),我遇到了 CORS 問題。 我在 Class 級別使用@CrossOrigin
annotatiion 並允許所有標題如下 -
@CrossOrigin(allowedHeaders = {"*"})
請求的資源上不存在“Access-Control-Allow-Origin”標頭
如何允許 Authorization 標頭以及我所做的所有其他標頭並避免 CORS 問題?
您可以將以下內容添加到任何配置文件中:
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
final CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(urlBasedCorsConfigurationSource);
}
編輯對於 XML 配置,您可以創建自定義過濾器並將其添加到您的過濾器鏈:
public class CorsFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
XML 配置
<security:filter-chain-map>
<sec:filter-chain pattern="/**"
filters="
ConcurrentSessionFilterAdmin,
securityContextPersistenceFilter,
logoutFilterAdmin,
usernamePasswordAuthenticationFilterAdmin,
basicAuthenticationFilterAdmin,
requestCacheAwareFilter,
securityContextHolderAwareRequestFilter,
anonymousAuthenticationFilter,
sessionManagementFilterAdmin,
exceptionTranslationFilter,
filterSecurityInterceptorAdmin,
CorsFilter"/>
</security:filter-chain-map>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.