Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/angular/32.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 如何修复';访问控制允许原点';连接到WebSocket时出错?_Java_Websocket_Spring Websocket_Stomp_Sockjs - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 如何修复';访问控制允许原点';连接到WebSocket时出错?

Java 如何修复';访问控制允许原点';连接到WebSocket时出错?

java websocket

Java 如何修复';访问控制允许原点';连接到WebSocket时出错?,java,websocket,spring-websocket,stomp,sockjs,Java,Websocket,Spring Websocket,Stomp,Sockjs,我正在做一个SockJS和WebSocket类型的项目,前端我使用React,后端使用spring的WebSocket实现。但是当我尝试连接到我的WebSocket时,我得到了一个CORS错误 Access to XMLHttpRequest at 'http://localhost:8080/ws/info?t=1579096675068' from origin 'http://localhost:3000' has been blocked by CORS policy: The valu

我正在做一个SockJS和WebSocket类型的项目,前端我使用React,后端使用spring的WebSocket实现。但是当我尝试连接到我的WebSocket时,我得到了一个CORS错误

Access to XMLHttpRequest at 'http://localhost:8080/ws/info?t=1579096675068' from origin 'http://localhost:3000' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
在Java项目中,我包含了以下CORS配置:

@Bean
CorsConfigurationSource corsConfigurationSource() {
     final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
     final CorsConfiguration configuration = new CorsConfiguration();
     configuration.applyPermitDefaultValues();
     configuration.setExposedHeaders(Arrays.asList("Authorization"));
     configuration.addAllowedOrigin("*");
     configuration.addAllowedMethod("*");
     configuration.addAllowedHeader("*");
     source.registerCorsConfiguration("/**", configuration);
     return source;
}
至于
WebSecurity
类上的
configure
方法,我已经包括以下内容:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable().authorizeRequests()
             .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
             .anyRequest().authenticated()
             .and()
             .addFilter(new JWTAuthenticationFilter(authenticationManager()))
             .addFilter(new JWTAuthorizationFilter(authenticationManager()))
             .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
}
我添加套接字端点如下所示:

@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
    registry.addEndpoint("/ws").setAllowedOrigins("*").withSockJS();
}
在前端,我使用
connect
方法连接到我的WebSocket:

connect = () => {
  const Stomp = require("stompjs");
  let SockJS = require("sockjs-client");
  SockJS = new SockJS("http://localhost:8080/ws");
  stompClient = Stomp.over(SockJS);
  stompClient.connect({}, this.onConnected, this.onError);
};
我已尝试将
注册表tompendpoints
方法上的URL设置为
http://localhost:3000
明确但无效。还在我的
package.json
前端添加了一个代理到
http://localhost:8080/
,但仍会出现相同的错误。我需要在我的
corsConfigurationSource
上做些什么才能让它正常工作

更新

当我执行以下
configure
方法时,它解决了WebSocket问题,因为它可以连接到WebSocket,但我无法访问应用程序的其他路由,因为它会导致另一个错误

protected void configure(HttpSecurity http) throws Exception {
     http.authorizeRequests()
             .antMatchers("/ws").permitAll()
             .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
             .and()
             .addFilter(new JWTAuthenticationFilter(authenticationManager()))
             .addFilter(new JWTAuthorizationFilter(authenticationManager()))
     .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().csrf().disable();
}
另一个错误是:

Access to XMLHttpRequest at 'http://localhost:8080/auth/me' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
我最终用它作为我的网络安全。总之,我在我的
configure
方法中添加了
.antMatchers(“/ws/**”).permitAll()
。因此,我允许所有请求到达我的WebSocket端点,并在我的所有其他路由上明确注册CORS配置,除了
CORSCOConfiguration Source
方法上的
/ws
路由。希望这能有所帮助。

我有一个像你一样的应用程序,运行良好。已经像这样实现了cors。非常感谢。我花了好几个小时找这个。 
@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and()
              .authorizeRequests()
              .antMatchers("/ws/**").permitAll()
              .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
              .anyRequest().authenticated()
              .and()
              .addFilter(new JWTAuthenticationFilter(authenticationManager()))
              .addFilter(new JWTAuthorizationFilter(authenticationManager()))
              .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
              .and().csrf().disable();
}

@Bean
CorsConfigurationSource corsConfigurationSource() {

        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration configuration = new CorsConfiguration();
        configuration.setExposedHeaders(Arrays.asList("Authorization"));
        configuration.addAllowedOrigin("*");
        configuration.addAllowedMethod("*");
        configuration.addAllowedHeader("*");
        configuration.applyPermitDefaultValues();
        source.registerCorsConfiguration("/api/**", configuration);
        source.registerCorsConfiguration("/auth/*", configuration);
        source.registerCorsConfiguration("/login", configuration);
        return source;
}