Angular 弹簧靴JWT Cors不适用于角度8

我的后端服务在Spring Boot中，UI在Angular 8中。 我已启用JWT，因此所有api调用都需要通过传递Authorizarion头来完成，并将JWT标记作为值

我设置了CORS，如下所示：

@SpringBootApplication
public class MyServicesApplication {

    public static void main(String[] args) {
        SpringApplication.run(MyServicesApplication.class, args);
    }
    
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowedOrigins("http://localhost:4200");
            }
        };
        
    }
}

在此之后，我可以访问登录API，它是

http://localhost:8080/login

但我无法访问任何受保护的路由。调用后端API服务时出现以下错误

Access to XMLHttpRequest at 'http://localhost:8080/api/v1/data' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

我已经为我的JWT设置了这样的Web安全性。这是否影响了案件

@EnableWebSecurity
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService myUserDetailsService;
    @Autowired
    private JwtRequestFilter jwtRequestFilter;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable().authorizeRequests().antMatchers("/login").permitAll().anyRequest()
                .authenticated().and().exceptionHandling().and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }
}

---

在您的WebSecurity配置类中添加：

@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();

    //here you add all origins possible
    configuration.setAllowedOrigins(Arrays.asList("http://localhost", "http://localhost:8080", "http://localhost:4200"));

    configuration.setAllowedMethods(Arrays.asList("GET", "PUT", "POST","OPTIONS", "DELETE"));
    configuration.setAllowedHeaders(Arrays.asList("authorization","content-type"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

您可以在每个@RestController类中添加注释@CrossOrigin，在本例中，我以最通用的方式编写了：

@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestControler
public class YourController {

...

}

---

在您的WebSecurity配置类中添加：

@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();

    //here you add all origins possible
    configuration.setAllowedOrigins(Arrays.asList("http://localhost", "http://localhost:8080", "http://localhost:4200"));

    configuration.setAllowedMethods(Arrays.asList("GET", "PUT", "POST","OPTIONS", "DELETE"));
    configuration.setAllowedHeaders(Arrays.asList("authorization","content-type"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

您可以在每个@RestController类中添加注释@CrossOrigin，在本例中，我以最通用的方式编写了：

@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestControler
public class YourController {

...

}

---

在您的，

WebSecurityConfig#配置（HttpSecurity-HttpSecurity）

更新如下

httpSecurity
.cors（）
...

在您的，

WebSecurityConfig#配置（HttpSecurity-HttpSecurity）

更新如下

httpSecurity
.cors（）
...

您正在创建一个bean，您在哪里使用它？您正在创建一个bean，您在哪里使用它？