使用 angular 和 spring 與 JWT 啟動服務的 PUT 請求出現 403 錯誤
[英]403 error with PUT request using angular and spring boot service with JWT
問題描述
package com.example.invoiceapp.security;
import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private UserDetailsService userDetailsService;
private static final String[] AUTH_WHITELIST = { "/v2/api-docs", "/swagger-resources", "/swagger-resources/**",
"/configuration/ui", "/configuration/security", "/swagger-ui.html", "/webjars/**" };
public SecurityConfiguration(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().configurationSource(configurationSource()).and().csrf().disable().authorizeRequests().antMatchers(AUTH_WHITELIST).permitAll()
.antMatchers(HttpMethod.POST, "/authenticate/signup").permitAll().anyRequest().authenticated().and()
.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)).and()
.addFilter(new AuthenticationFilter(authenticationManager()))
.addFilter(new AuthorizationFilter(authenticationManager())).sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().formLogin().usernameParameter("email");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder() );
}
@Bean
CorsConfigurationSource configurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH", "OPTIONS"));
configuration.setAllowCredentials(true);
// configuration.addAllowedOrigin("*");
// configuration.addAllowedHeader("*");
// configuration.addAllowedMethod("*");
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
return source;
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
我正在嘗試從前端 angular 應用程序發出 PUT 請求,但 OPTIONS 的飛行前請求失敗並給出錯誤:
從源“http://localhost:4200”訪問“https://invoice-backend-heroku.herokuapp.com/api/invoices/5fe8353905dfdc66e95e7269”上的 XMLHttpRequest 已被 Z5A8FEFF0B4BDE3EEC9244B76023B79 的預請求不響應阻止通過訪問控制檢查:請求的資源上不存在“Access-Control-Allow-Origin”header。
即使我已經允許所有的起源和方法。 我不確定如何配置我的 corsconfiguration 以使其工作。 我對同一 spring 引導服務的 POST 請求與 GET 請求一樣工作正常。
1 個解決方案
解決方案1
1 2021-01-13 03:19:51
@Bean
CorsConfigurationSource configurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH", "OPTIONS"));
configuration.setAllowCredentials(true);
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration.applyPermitDefaultValues());
return source;
}
您應該在 source.registerCorsConfiguration("/**", configuration.applyPermitDefaultValues()); 中使用參考 object 配置; 而不是創建新的 Object new CorsConfiguration()
Spring 啟動 -- 使用 CSRF 令牌發布請求產生 403 錯誤
[英]Spring Boot -- Post request with CSRF token produce 403 error
發送PUT請求時出現Spring + AngularJs + Tomcat 9.0-403錯誤
[英]Spring +AngularJs + Tomcat 9.0 - 403 error when sending a PUT request
使用Spring Boot + Spring Security時圖像上出現錯誤403
[英]Error 403 on image when using Spring Boot + Spring Security
Android retrofit 在向 spring 引導發送請求時出錯?
[英]Android retrofit error in sending put request to spring boot?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
Spring 發送請求時啟動錯誤 403
Spring Boot JWT CORS 與 Angular 6
Spring 啟動 -- 使用 CSRF 令牌發布請求產生 403 錯誤
發送PUT請求時出現Spring + AngularJs + Tomcat 9.0-403錯誤
使用Spring Boot + Spring Security時圖像上出現錯誤403
從Angular5到Spring-boot的PUT請求
Spring Boot 403禁止在Tomcat 9中使用POST請求
Android retrofit 在向 spring 引導發送請求時出錯?
安全性:Java Spring Boot + Angular 2 + JWT
問題得到 jwt 與 Spring 引導到 angular
相關標簽