Java 飞行前的访问控制允许方法不允许使用方法修补程序
我使用以下技术: -爪哇8 -弹簧(后备箱2,安全) -反应,axios -雄猫9 -英特利基德 在我的项目中,我使用以下http方法:GET、POST、PUT、PATCH和其他方法。我有CORS配置。在开发环境中运行我的项目时,或者在Postman->CORS中测试方法时,效果非常好。然而,当我收集war文件并在Tomcat服务器上运行它时,补丁方法拒绝工作。(错误:飞行前响应中的访问控制允许方法不允许方法路径)。请帮忙,把它修好 安全配置:Java 飞行前的访问控制允许方法不允许使用方法修补程序,java,spring-boot,spring-security,cors,axios,Java,Spring Boot,Spring Security,Cors,Axios,我使用以下技术: -爪哇8 -弹簧(后备箱2,安全) -反应,axios -雄猫9 -英特利基德 在我的项目中,我使用以下http方法:GET、POST、PUT、PATCH和其他方法。我有CORS配置。在开发环境中运行我的项目时,或者在Postman->CORS中测试方法时,效果非常好。然而,当我收集war文件并在Tomcat服务器上运行它时,补丁方法拒绝工作。(错误:飞行前响应中的访问控制允许方法不允许方法路径)。请帮忙,把它修好 安全配置: @Override protected v
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.headers().frameOptions().sameOrigin()
.and()
.authorizeRequests()
.antMatchers("/",
"/favicon.ico",
"/**/*.png",
"/**/*.gif",
"/**/*.svg",
"/**/*.jpg",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/static/**",
"/static/css/*",
"/static/js/*",
"/*.js",
"/*.json",
"/*.ico"
).permitAll()
.antMatchers(SIGN_UP_URLS).permitAll()
.antMatchers(H2_URL).permitAll()
.anyRequest().authenticated()
;
http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("HEAD",
"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setExposedHeaders(Arrays.asList("X-Auth-Token","Authorization","Access-Control-Allow-Origin","Access-Control-Allow-Credentials"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
CORS配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.headers().frameOptions().sameOrigin()
.and()
.authorizeRequests()
.antMatchers("/",
"/favicon.ico",
"/**/*.png",
"/**/*.gif",
"/**/*.svg",
"/**/*.jpg",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/static/**",
"/static/css/*",
"/static/js/*",
"/*.js",
"/*.json",
"/*.ico"
).permitAll()
.antMatchers(SIGN_UP_URLS).permitAll()
.antMatchers(H2_URL).permitAll()
.anyRequest().authenticated()
;
http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("HEAD",
"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setExposedHeaders(Arrays.asList("X-Auth-Token","Authorization","Access-Control-Allow-Origin","Access-Control-Allow-Credentials"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
CORS的网络配置。
您可以为CORS源配置创建一个WebConfig类
WebConfig.java
如果您在其他方面都使用现代技术,为什么要部署到外部Tomcat中?除了PATCH之外,您还能执行其他方法吗?您的意思是什么@chrylis@PatelRomil另一种方法效果很好,在新项目中使用war文件已经过时;SpringBoot为您解决了所有这些问题,而这种问题正是Boot的内部支持使之更容易解决的。谢谢!终于用DELETE解决了我的CORS问题