Java Spring Security CORS:源已被CORS策略阻止
我第一次在 Angular 项目中使用 Spring Boot。在添加 Spring Security 依赖项之前,一切正常:
<!-- Puts Spring Security on the classpath. Spring Boot then secures every
     endpoint by default, so unauthenticated requests are rejected until an
     explicit security configuration is supplied. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Test helpers for Spring Security; test scope keeps them out of the runtime artifact. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
我试图按照文档建议更改配置,因此添加了类
src/main/java/com/example/securingweb/WebSecurityConfig.java
我的控制器中也有:
@CrossOrigin(origins = "http://localhost:4200")
由于您添加了 Spring Security 依赖项,Spring 会默认启用基本身份验证,并对您的每个请求进行验证。Spring Security 同样支持 CORS(跨源资源共享),但仅仅为每个请求添加 @CrossOrigin 并不足以解除 CORS 限制。因此,您要么在请求中发送 Spring Security 生成的令牌(该令牌会打印在控制台上),要么配置 Spring Security 配置类,由它来验证您的身份,或放行特定的 URL。更多信息请参阅 Spring Security 文档。
添加了这两个类之后,现在我遇到了 POST 403 错误。
如果不是 CORS 的问题,那么当您尝试在浏览器中打开的网页(或其他资源)不允许您访问时,就会出现 403 Forbidden 错误。之所以称为 403 错误,是因为这是 Web 服务器用来描述此类错误的 HTTP 状态码。另外,Spring Security 默认启用 CSRF 防护,未携带 CSRF 令牌的 POST 请求同样会返回 403。由于您已经配置了 Spring Security,现在需要定义角色,并将其应用到特定的端点,因此您需要了解角色的用法。可以参考下面的配置:
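/**
 * Spring MVC CORS configuration for the application's endpoints.
 *
 * <p>A bare {@code addMapping("/**")} applies Spring's permissive defaults, which
 * allow every origin. The mapping is therefore restricted to the Angular dev-server
 * origin that the controllers already name in their {@code @CrossOrigin} annotation.
 *
 * <p>With Spring Security on the classpath, CORS must also be enabled in the security
 * configuration ({@code http.cors()}); otherwise preflight requests, which carry no
 * credentials, are rejected before they reach Spring MVC.
 *
 * <p>NOTE(review): in a Spring Boot application {@code @EnableWebMvc} switches off
 * Boot's MVC auto-configuration. Confirm that this is intended.
 */
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {

    /** The only browser origin allowed to call the API cross-origin; extend per environment. */
    private static final String FRONTEND_ORIGIN = "http://localhost:4200";

    /**
     * Registers a CORS mapping for every path, limited to {@link #FRONTEND_ORIGIN}.
     *
     * @param registry the MVC CORS registry supplied by Spring
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Allowed methods and headers keep Spring's defaults; only the origin list
        // is narrowed from "any origin" to the known front end.
        registry.addMapping("/**")
                .allowedOrigins(FRONTEND_ORIGIN);
    }
}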
@CrossOrigin(origins = "http://localhost:4200")
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import java.util.Arrays;
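/**
 * Registers a servlet-level {@link CorsFilter} that answers CORS preflight and
 * actual requests for every path.
 *
 * <p>Credentialed requests are allowed, so the allowed-origin list must name concrete
 * origins. The combination {@code allowCredentials = true} with origin {@code "*"}
 * is invalid under the CORS protocol, because browsers refuse a wildcard
 * {@code Access-Control-Allow-Origin} on credentialed responses. Recent Spring
 * Framework versions reject it with an {@code IllegalArgumentException}, and older
 * versions answered by echoing whatever origin the caller sent, which lets any site
 * read authenticated responses.
 */
@Configuration
public class CorsConfig {

    /** The Angular dev-server origin used by the controllers' {@code @CrossOrigin}; extend per environment. */
    private static final String FRONTEND_ORIGIN = "http://localhost:4200";

    /**
     * Builds the CORS filter applied to {@code /**}.
     *
     * @return a filter allowing credentialed GET and POST requests from
     *     {@link #FRONTEND_ORIGIN} with any request header
     */
    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        // Explicit origin instead of "*": required whenever credentials are allowed.
        config.setAllowedOrigins(Arrays.asList(FRONTEND_ORIGIN));
        config.setAllowedHeaders(Arrays.asList("*"));
        // Preflight OPTIONS requests are handled by the filter itself; only the
        // methods of the actual requests need listing here.
        config.setAllowedMethods(Arrays.asList("GET", "POST"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}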
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.filter.CorsFilter;
/**
 * Spring Security configuration for a stateless HTTP API.
 *
 * <p>Enables web security plus method-level security ({@code @PreAuthorize} /
 * {@code @PostAuthorize} and {@code @Secured}), excludes static assets from the
 * security filter chain, and requires authentication for every request except the
 * two endpoints that are explicitly permitted.
 *
 * <p>NOTE(review): no authentication mechanism (HTTP Basic, form login, token filter)
 * is configured in this class. Presumably one is registered elsewhere; confirm,
 * otherwise the {@code authenticated()} endpoints cannot be reached.
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Supplies the password hashing strategy.
     *
     * @return a BCrypt-based encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Lists request patterns that skip the Spring Security filter chain entirely.
     *
     * <p>Ignored paths receive no authentication, no authorization and no security
     * headers.
     *
     * <p>NOTE(review): {@code /h2-console/**} is on this list, so the H2 console is
     * reachable without any security check. Confirm that it is enabled only in
     * development builds.
     *
     * @param web the web security builder
     */
    @Override
    public void configure(WebSecurity web) {
        String[] unsecuredPatterns = {
            "/*.html",
            "/favicon.ico",
            "/**/*.html",
            "/**/*.css",
            "/**/*.js",
            "/h2-console/**"
        };
        web.ignoring().antMatchers(unsecuredPatterns);
    }

    /**
     * Configures the HTTP security filter chain.
     *
     * @param httpSecurity the HTTP security builder
     * @throws Exception if a configurer cannot be applied
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        // Let Spring Security process CORS first, so preflight requests (which carry
        // no credentials) are answered instead of being rejected as unauthenticated.
        httpSecurity.cors();

        // CSRF protection is off. This fits only while the session policy stays
        // STATELESS and no cookie-based credential is accepted.
        // NOTE(review): confirm clients authenticate with a header token, not a cookie.
        httpSecurity.csrf().disable();

        // Registers exception handling with its defaults.
        httpSecurity.exceptionHandling();

        // Never create or use an HTTP session for the security context.
        httpSecurity.sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Only the two listed endpoints are public; everything else needs an
        // authenticated caller.
        // NOTE(review): confirm "/offerTransactionCall" is meant to be anonymous.
        httpSecurity.authorizeRequests()
            .antMatchers("/api/authenticate").permitAll()
            .antMatchers("/offerTransactionCall").permitAll()
            .anyRequest().authenticated();
    }
}