Spring security 弹簧靴上oAuth2 CORS问题的弹簧安全性
我不熟悉弹簧靴。我已经用oAuth2实现了Spring安全性,并成功地从Spring安全性中获得了acesstoken。但当我尝试使用带有“Authorization”头的令牌进行请求时 我的Spring security 弹簧靴上oAuth2 CORS问题的弹簧安全性,spring-security,oauth-2.0,spring-boot,Spring Security,Oauth 2.0,Spring Boot,我不熟悉弹簧靴。我已经用oAuth2实现了Spring安全性,并成功地从Spring安全性中获得了acesstoken。但当我尝试使用带有“Authorization”头的令牌进行请求时 我的CORS过滤器如下: @Component @Order(Ordered.HIGHEST_PRECEDENCE) public class RequestFilter implements Filter { @Override public void init(FilterConfig f
CORS
过滤器如下:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RequestFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT,DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
if (request.getMethod()!="OPTIONS") {
chain.doFilter(req, res);
} else {
}
}
@Override
public void destroy() {
}
}
但还是给了CORS一个问题
请告诉我哪里错了。请尝试如下设置您的访问控制允许标头:
response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Authorization, Content-Type");
解决问题。我把代币寄错了路
config.headers["Authorization"] = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';
正确的方法是:
config.headers.authorization = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';
相同的响应“原因:CORS标头“访问控制允许源”与“*”不匹配。现在,如果am将其值更改为“request.getHeader(“Origin”)”,则“CORS头“访问控制允许凭据”中应为“true”
config.headers.authorization = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';