Java 在spring安全标签中启用CORS
如何在Spring安全标签(即令牌url)中启用CORS。我使用的是SpringSecurity3.1和SpringMVC4.3.12。我已成功生成令牌以保护API,但无法在令牌url中启用Java 在spring安全标签中启用CORS,java,spring,spring-mvc,spring-security,token,Java,Spring,Spring Mvc,Spring Security,Token,如何在Spring安全标签(即令牌url)中启用CORS。我使用的是SpringSecurity3.1和SpringMVC4.3.12。我已成功生成令牌以保护API,但无法在令牌url中启用CORS。 我使用了以下代码来生成访问令牌 spring security.xml <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenti
CORS
。
我使用了以下代码来生成访问令牌
spring security.xml
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request
parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter"
after="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<mvc:cors>
<mvc:mapping path="/oauth/token" allowed-origins="http://localhost:4200"
allowed-methods="GET" allowed-headers="Access-Control-Allow-Origin" />
</mvc:cors>
:
请求的服务器上不存在“Access Control Allow Origin”标头
资源。因此,不允许使用源“”
通道响应的HTTP状态代码为400
对于此错误,您必须创建如下所示的新类<代码>专用字符串corsFilter=“*”代码>当您提供*时,它将允许一切。希望它能帮助你
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
private String corsFilter="*";
public CorsFilter() {
}
@Override
public void doFilter(final ServletRequest req, final ServletResponse res,
final FilterChain chain) throws IOException, ServletException {
final HttpServletResponse response = (HttpServletResponse) res;
final HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", corsFilter);
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods",
"POST, GET, PUT, OPTIONS, PATCH ,DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", " Content-Type, Authorization");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void init(final FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
我需要为Filter
classimport javax.servlet.Filter;导入哪个类;。如果我的回答是有帮助的,请接受我的回答,我不能使用XML@jai吗