Angular 弹簧靴JWT Cors不适用于角度8
我的后端服务在Spring Boot中,UI在Angular 8中。 我已启用JWT,因此所有api调用都需要通过传递Authorizarion头来完成,并将JWT标记作为值 我设置了CORS,如下所示:Angular 弹簧靴JWT Cors不适用于角度8,angular,spring,spring-boot,cors,Angular,Spring,Spring Boot,Cors,我的后端服务在Spring Boot中,UI在Angular 8中。 我已启用JWT,因此所有api调用都需要通过传递Authorizarion头来完成,并将JWT标记作为值 我设置了CORS,如下所示: @SpringBootApplication public class MyServicesApplication { public static void main(String[] args) { SpringApplication.run(MyServicesA
@SpringBootApplication
public class MyServicesApplication {
public static void main(String[] args) {
SpringApplication.run(MyServicesApplication.class, args);
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("http://localhost:4200");
}
};
}
}
在此之后,我可以访问登录API,它是
http://localhost:8080/login
但我无法访问任何受保护的路由。调用后端API服务时出现以下错误
Access to XMLHttpRequest at 'http://localhost:8080/api/v1/data' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
我已经为我的JWT设置了这样的Web安全性。这是否影响了案件
@EnableWebSecurity
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService myUserDetailsService;
@Autowired
private JwtRequestFilter jwtRequestFilter;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable().authorizeRequests().antMatchers("/login").permitAll().anyRequest()
.authenticated().and().exceptionHandling().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
}
在您的WebSecurity配置类中添加:
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
//here you add all origins possible
configuration.setAllowedOrigins(Arrays.asList("http://localhost", "http://localhost:8080", "http://localhost:4200"));
configuration.setAllowedMethods(Arrays.asList("GET", "PUT", "POST","OPTIONS", "DELETE"));
configuration.setAllowedHeaders(Arrays.asList("authorization","content-type"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
您可以在每个@RestController类中添加注释@CrossOrigin,在本例中,我以最通用的方式编写了:
@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestControler
public class YourController {
...
}
在您的WebSecurity配置类中添加:
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
//here you add all origins possible
configuration.setAllowedOrigins(Arrays.asList("http://localhost", "http://localhost:8080", "http://localhost:4200"));
configuration.setAllowedMethods(Arrays.asList("GET", "PUT", "POST","OPTIONS", "DELETE"));
configuration.setAllowedHeaders(Arrays.asList("authorization","content-type"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
您可以在每个@RestController类中添加注释@CrossOrigin,在本例中,我以最通用的方式编写了:
@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestControler
public class YourController {
...
}
在您的,
WebSecurityConfig#配置(HttpSecurity-HttpSecurity)
更新如下
httpSecurity
.cors()
...
在您的,WebSecurityConfig#配置(HttpSecurity-HttpSecurity)
更新如下
httpSecurity
.cors()
...
您正在创建一个bean,您在哪里使用它?您正在创建一个bean,您在哪里使用它?