Java Spring boot中Post映射的Cors错误
我有一个带rest控制器的Spring启动应用程序和一个Angular应用程序作为前端。 目前,它们都在本地主机上运行,SpringSecurity在Spring中启用。 最初,由于Cors,我无法从Angular向Spring发出getRequest。我将@CrossOrigin添加到我的restContoller中,现在我可以执行从angular到Spring的Get请求。 现在我在post请求中也遇到了同样的问题。我想将一些表单数据从angular发送到Spring,但我总是在Chrome中出错。我在这里也添加了@CrossOrigin,但我仍然有这个问题。 如果我试着向邮递员发帖,效果会很好 zone.js:3243从源“”访问“localhost:8080/rest/contact”处的XMLHttpRequest已被CORS策略阻止:跨源请求仅支持协议方案:http、数据、chrome、chrome扩展、https contact.component.ts:51 HttpErrorResponse{headers:HttpHeaders,状态:0,状态文本:“未知错误”,url:“localhost:8080/rest/contact”,ok:false,…} 这是我的安全配置:Java Spring boot中Post映射的Cors错误,java,angular,spring,rest,cors,Java,Angular,Spring,Rest,Cors,我有一个带rest控制器的Spring启动应用程序和一个Angular应用程序作为前端。 目前,它们都在本地主机上运行,SpringSecurity在Spring中启用。 最初,由于Cors,我无法从Angular向Spring发出getRequest。我将@CrossOrigin添加到我的restContoller中,现在我可以执行从angular到Spring的Get请求。 现在我在post请求中也遇到了同样的问题。我想将一些表单数据从angular发送到Spring,但我总是在Chrome
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
protected void configure (AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(getPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
http
.authorizeRequests()
.antMatchers("/admin/**").authenticated()//.hasAnyRole("ADMIN","USER")
.and().formLogin().loginPage("/login").permitAll()
.and().logout();
http.csrf().disable();
//http.headers().frameOptions().disable();
}
private PasswordEncoder getPasswordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return encode(charSequence).equals(s);
}
};
}
}
@Configuration
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
};
}
}
@Configuration
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("*")
.allowedOrigins("http://localhost:4200");
}
};
}
}
我的Cors配置:
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
protected void configure (AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(getPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
http
.authorizeRequests()
.antMatchers("/admin/**").authenticated()//.hasAnyRole("ADMIN","USER")
.and().formLogin().loginPage("/login").permitAll()
.and().logout();
http.csrf().disable();
//http.headers().frameOptions().disable();
}
private PasswordEncoder getPasswordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return encode(charSequence).equals(s);
}
};
}
}
@Configuration
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
};
}
}
@Configuration
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("*")
.allowedOrigins("http://localhost:4200");
}
};
}
}
我的休息控制器:
@RestController()
@CrossOrigin(origins = "http://localhost:4200/**", maxAge = 3600)
public class GymRestController {
private final GymRepository gymRepository;
GymRestController (GymRepository gymRepository) {
this.gymRepository = gymRepository;
}
@GetMapping("/rest/gyms")
public List<Gym> findAll() {
return gymRepository.findAll();
}
@PostMapping ("/rest/contact")
public void submitContact(@RequestBody ContactForm contactForm) {
System.out.println(contactForm);
}
}
我已经试了三天了,想让这一切顺利进行
请在Spring io link上提供以下帮助,不胜感激:
如果您使用的是Spring Boot,建议只声明WebMvcConfigurer bean,如下所示:
@Configuration
public class MyConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
};
}
}
您可以轻松更改任何属性,也可以仅将此CORS配置应用于特定的路径模式:
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/**")
.allowedOrigins("http://domain2.com")
.allowedMethods("PUT", "DELETE","POST")
.allowedHeaders("header1", "header2", "header3")
.exposedHeaders("header1", "header2")
.allowCredentials(false).maxAge(3600);
}
您可以使用localhost或所需的host/url替换上面的内容 我终于找到了解决办法。我必须在Spring Security中启用cors并禁用csrf
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors().and()
.authorizeRequests()
.antMatchers("/admin/**").authenticated()//.hasAnyRole("ADMIN","USER")
.and().formLogin().loginPage("/login").permitAll()
.and().logout();
http.csrf().disable();
http.headers().frameOptions().disable();
}
我不得不从控制器中删除@CrossOrigin,并添加了以下配置:
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
protected void configure (AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(getPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
http
.authorizeRequests()
.antMatchers("/admin/**").authenticated()//.hasAnyRole("ADMIN","USER")
.and().formLogin().loginPage("/login").permitAll()
.and().logout();
http.csrf().disable();
//http.headers().frameOptions().disable();
}
private PasswordEncoder getPasswordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return encode(charSequence).equals(s);
}
};
}
}
@Configuration
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
};
}
}
@Configuration
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("*")
.allowedOrigins("http://localhost:4200");
}
};
}
}
你能发送更多的细节吗?你的spring版本,你的配置…我正在使用Spring2.1.3,他也需要选项。Angular CLI发送一个preflight我将其添加到我的程序中,但我仍然有相同的问题配置公共类CorsConfig{@Bean public WebMvcConfigurer corsConfigurer(){返回新的webmvcconfigureadapter(){public void addCorsMappings(CorsRegistry registry){registry.addMapping(“/*”).allowedOrigins(“).allowedHeaders(“”).allowedMethods(“”).AllowRedentials(true).maxAge(3600);}};}}}}添加
allowedMethods(“*”
对我起到了作用。