Fatal编程技术网
  • java/
  • Java 在spring安全标签中启用CORS

Java 在spring安全标签中启用CORS

java spring spring-mvc spring-security

Java 在spring安全标签中启用CORS,java,spring,spring-mvc,spring-security,token,Java,Spring,Spring Mvc,Spring Security,Token,如何在Spring安全标签(即令牌url)中启用CORS。我使用的是SpringSecurity3.1和SpringMVC4.3.12。我已成功生成令牌以保护API,但无法在令牌url中启用CORS。 我使用了以下代码来生成访问令牌 spring security.xml <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenti

如何在Spring安全标签(即令牌url)中启用CORS。我使用的是SpringSecurity3.1和SpringMVC4.3.12。我已成功生成令牌以保护API,但无法在令牌url中启用
CORS
。 我使用了以下代码来生成访问令牌

spring security.xml

<http pattern="/oauth/token" create-session="stateless"  
          authentication-manager-ref="clientAuthenticationManager"  
          xmlns="http://www.springframework.org/schema/security">  
        <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />  
        <anonymous enabled="false" />  
        <http-basic entry-point-ref="clientAuthenticationEntryPoint" />  
        <!-- include this only if you need to authenticate clients via request   
        parameters -->  
        <custom-filter ref="clientCredentialsTokenEndpointFilter"  
                       after="BASIC_AUTH_FILTER" />  
        <access-denied-handler ref="oauthAccessDeniedHandler" />  
    </http>  

<mvc:cors>
        <mvc:mapping path="/oauth/token" allowed-origins="http://localhost:4200"
                     allowed-methods="GET" allowed-headers="Access-Control-Allow-Origin" />
    </mvc:cors>


:
请求的服务器上不存在“Access Control Allow Origin”标头
资源。因此,不允许使用源“”
通道响应的HTTP状态代码为400


对于此错误,您必须创建如下所示的新类<代码>专用字符串corsFilter=“*”当您提供*时,它将允许一切。希望它能帮助你


@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {

    private String corsFilter="*";

    public CorsFilter() {
    }

    @Override
    public void doFilter(final ServletRequest req, final ServletResponse res,
            final FilterChain chain) throws IOException, ServletException {

        final HttpServletResponse response = (HttpServletResponse) res;
        final HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", corsFilter);
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods",
                "POST,  GET, PUT, OPTIONS, PATCH ,DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", " Content-Type, Authorization");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void init(final FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }
}



我需要为
Filter
classimport javax.servlet.Filter;导入哪个类;。如果我的回答是有帮助的,请接受我的回答,我不能使用XML@jai吗