Jquery 对Spring MVC控制器的跨域Ajax请求失败,出现302错误
为了证明概念,我正在尝试从一个spring启动应用程序加载一个jsp到另一个页面的某个部分 我正在使用JQuery发出一个$.ajax()请求,但从我看到的情况来看,该请求甚至没有到达spring过滤器或控制器。当从自己的浏览器窗口发送时,控制器正常响应 错误: 加载失败:从“”重定向到“”已被CORS策略阻止:请求的资源上不存在“Access Control Allow Origin”标头。因此,不允许访问源“” 2应用:设置和设置2。设置一是试图在设置2时向控制器发出AJAX请求 设置应用程序页面(尝试与设置2应用程序对话) 设置2网络安全配置Jquery 对Spring MVC控制器的跨域Ajax请求失败,出现302错误,jquery,ajax,spring-mvc,spring-boot,spring-security,Jquery,Ajax,Spring Mvc,Spring Boot,Spring Security,为了证明概念,我正在尝试从一个spring启动应用程序加载一个jsp到另一个页面的某个部分 我正在使用JQuery发出一个$.ajax()请求,但从我看到的情况来看,该请求甚至没有到达spring过滤器或控制器。当从自己的浏览器窗口发送时,控制器正常响应 错误: 加载失败:从“”重定向到“”已被CORS策略阻止:请求的资源上不存在“Access Control Allow Origin”标头。因此,不允许访问源“” 2应用:设置和设置2。设置一是试图在设置2时向控制器发出AJAX请求 设置应用程
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
configuration.setExposedHeaders(Arrays.asList("Access-Control-Allow-Origin", "Access-Control-Allow-Methods",
"Access-Control-Allow-Headers", "Access-Control-Max-Age", "Access-Control-Request-Headers",
"Access-Control-Request-Method"));
// setAllowCredentials(true) is important, otherwise:
// The value of the 'Access-Control-Allow-Origin' header in the response must
// not be the wildcard '*' when the request's credentials mode is 'include'.
configuration.setAllowCredentials(true);
// setAllowedHeaders is important! Without it, OPTIONS preflight request
// will fail with 403 Invalid CORS request
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/", configuration);
return source;
}
}
设置2 app Cors过滤器
public class WebSecurityCorsFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse res = (HttpServletResponse) response;
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Methods", "*");
res.setHeader("Access-Control-Max-Age", "3600");
res.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(request, res);
}
@Override
public void destroy() {
}
}
设置2控制器
@交叉起源
@RestController
公共类设置控制器{
@CrossOrigin
@RequestMapping(value = "/", method = { RequestMethod.POST })
public String getPagePost(HttpServletResponse response) {
return "home";
}
@RequestMapping(value = "/", method = RequestMethod.OPTIONS)
public ResponseEntity handle() {
return new ResponseEntity(HttpStatus.OK);
}
}
设置2 pom
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.ddavey</groupId>
<artifactId>settings</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>settings2</name>
<description>Development Team Register Application</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
4.0.0
com.ddavey
设置
0.0.1-快照
战争
设置2
开发团队注册应用程序
org.springframework.boot
spring启动程序父级
2.0.0.1版本
UTF-8
UTF-8
1.8
org.springframework.boot
SpringBootStarterWeb
org.springframework.boot
弹簧启动安全
org.springframework.boot
弹簧靴开发工具
真的
jstl
jstl
1.2
org.springframework.boot
弹簧起动试验
测试
org.springframework.boot
弹簧启动机tomcat
假如
org.apache.tomcat.embed
汤姆卡特·贾斯珀
假如
org.springframework.boot
springbootmaven插件
设置2应用程序启动日志(即使发送请求,也不会进一步记录):
_
/\/“\uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu\
(())\
\/)| | | | | | | | |(| |)
“| | | | | | | | | | | |,|///
=========|_|==============|___/=///_/
::弹簧启动::(v2.0.0.版本)
2018-03-15 13:04:07585 2029[restartedMain]调试o.s.s.c.a.a.c.AuthenticationConfiguration$EnableGlobalAuthenticationAutowiredConfiger-急切地初始化{webSecurityConfig=com.ddavey.settings.webSecurityConfig$$EnhancerBySpringCGLIB$$5891dd83@30260b10}
2018-03-15 13:04:07724 2168[restartedMain]信息o.s.s.w.DefaultSecurityFilterChain-创建过滤链:org.springframework.security.web.util.matcher。AnyRequestMatcher@1, [org.springframework.security.web.context.request.async。WebAsyncManagerIntegrationFilter@52e26e68,org.springframework.security.web.context。SecurityContextPersistenceFilter@624ab72f,org.springframework.security.web.header。HeaderWriterFilter@618df83a,org.springframework.web.filter。CorsFilter@1f0c50a,org.springframework.security.web.csrf.CsrfFilter@174cc9cb,org.springframework.security.web.authentication.logout。LogoutFilter@4fddc7f,org.springframework.security.web.savedrequest。RequestCacheAwareFilter@23710a6c,org.springframework.security.web.servletapi。SecurityContextHolderAwareRequestFilter@231f9098,org.springframework.security.web.authentication。AnonymousAuthenticationFilter@72fafc4,org.springframework.security.web.session。SessionManagementFilter@17b054e5,org.springframework.security.web.access。ExceptionTranslationFilter@57cd8b95]我也遇到了同样的问题。我使用代理服务器方法解决了我的问题。我将ajax请求发送到本地服务器,并使用Java后端拉入另一个站点并“中继”回到ajax请求。我没有使用SpringBoot,而是一个带有servlet的动态网站,当ajax通过时会调用它。工作非常好,可以以这种方式在一个页面中加载五个不同的站点,然后只使用我希望从其他页面中获得的内容来构建新的布局外观
这是我遵循的一个起点为什么要从“”重定向到“”?这是同一个URL。我不知道发生了什么。我没有做任何具体的事情。为什么会发生这种情况?如果没有Spring安全日志,很难回答您的问题。您是否可以添加带有
调试的Spring安全日志
问题的级别?如果日志中不包含任何请求,则无法访问服务器。是否使用代理?将请求和响应添加到问题中(例如浏览器中开发工具的屏幕截图)。
@CrossOrigin
@RequestMapping(value = "/", method = { RequestMethod.POST })
public String getPagePost(HttpServletResponse response) {
return "home";
}
@RequestMapping(value = "/", method = RequestMethod.OPTIONS)
public ResponseEntity handle() {
return new ResponseEntity(HttpStatus.OK);
}
}
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.ddavey</groupId>
<artifactId>settings</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>settings2</name>
<description>Development Team Register Application</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>