Java: Spring Security OAuth2 CORS issue with the Authorization header


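I am using 4.2.0.RELEASE, 4.0.2.RELEASE and 2.0.9.RELEASE.

I am using @CrossOrigin to deal with CORS. For now, I want to allow all headers and all methods. I can use any header other than Authorization without any CORS issue. But with Authorization (the header that sends the bearer token), I get a CORS issue. I use the @CrossOrigin annotation at class level and allow all headers as follows -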

@CrossOrigin(allowedHeaders = {"*"})
No 'Access-Control-Allow-Origin' header is present on the requested resource


How can I allow the Authorization header like all the other headers and avoid the CORS issue?

You can add the following to any configuration file:

@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration corsConfiguration = new CorsConfiguration();
    corsConfiguration.setAllowCredentials(true);
    corsConfiguration.addAllowedOrigin("*");
    corsConfiguration.addAllowedHeader("*");
    corsConfiguration.addAllowedMethod("*");
    urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
    return new CorsFilter(urlBasedCorsConfigurationSource);
}
Edit: for XML configuration, you can create a custom filter and add it to the filter chain:

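import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class CorsFilter implements Filter {

  // Sets the CORS response headers on every response, then continues the chain.
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletResponse response = (HttpServletResponse) res;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "*");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "*");
    chain.doFilter(req, res);
  }

  public void init(FilterConfig filterConfig) {}

  public void destroy() {}

}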
XML configuration

<security:filter-chain-map>
    <sec:filter-chain pattern="/**"
        filters="
        ConcurrentSessionFilterAdmin, 
        securityContextPersistenceFilter, 
        logoutFilterAdmin, 
        usernamePasswordAuthenticationFilterAdmin, 
        basicAuthenticationFilterAdmin, 
        requestCacheAwareFilter, 
        securityContextHolderAwareRequestFilter, 
        anonymousAuthenticationFilter, 
        sessionManagementFilterAdmin, 
        exceptionTranslationFilter, 
        filterSecurityInterceptorAdmin,
        CorsFilter"/>
</security:filter-chain-map>

I don't have annotation configuration. Mine is XML configuration -