无法在Spring Security中为oauth/token端点启用CORS
我无法在SpringRESTAPI上为oauth/token端点启用CORS支持 资源服务器配置:无法在Spring Security中为oauth/token端点启用CORS,spring,spring-mvc,spring-boot,spring-security,oauth,Spring,Spring Mvc,Spring Boot,Spring Security,Oauth,我无法在SpringRESTAPI上为oauth/token端点启用CORS支持 资源服务器配置: @配置 @EnableResourceServer 受保护的静态类ResourceServerConfiguration扩展了ResourceServerConfigurerAdapter{ @自动连线 私有CustomAuthenticationEntryPoint CustomAuthenticationEntryPoint; @自动连线 私有CustomLogoutSuccessHandle
@配置
@EnableResourceServer
受保护的静态类ResourceServerConfiguration扩展了ResourceServerConfigurerAdapter{
@自动连线
私有CustomAuthenticationEntryPoint CustomAuthenticationEntryPoint;
@自动连线
私有CustomLogoutSuccessHandler CustomLogoutSuccessHandler;
@自动连线
私人授权服务角色服务;
@豆子
公共访问决策管理器访问决策管理器(){
List我通过从configure(HttpSecurity http)Override方法中删除.addFilterBefore(corsFilter(),ChannelProcessingFilter.class)修复了它。希望它有意义为什么?
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware {
private static final String ENV_OAUTH = "authentication.oauth.";
private static final String PROP_CLIENTID = "clientid";
private static final String PROP_SECRET = "secret";
private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds";
private RelaxedPropertyResolver propertyResolver;
@Autowired
TokenStore tokenStore;
@Bean
public TokenEnhancer tokenEnhancer() {
return new OAuth2TokenEnhancer();
}
@Autowired
BCryptPasswordEncoder bCryptPasswordEncoder;
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
endpoints
.tokenStore(tokenStore)
.tokenEnhancer(tokenEnhancer())
.authenticationManager(authenticationManager)
;
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient(propertyResolver.getProperty(PROP_CLIENTID))
.scopes("read", "write")
.authorizedGrantTypes("password", "refresh_token")
.secret(propertyResolver.getProperty(PROP_SECRET))
.accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800));
}
@Override
public void setEnvironment(Environment environment) {
this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH);
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsServiceImpl userDetailsService;
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
private DataSource dataSource;
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
public AuthenticationProvider customAuthenticationProvider() {
CustomAuthenticationProvider impl = new CustomAuthenticationProvider();
impl.setUserDetailsService(userDetailsService);
impl.setPasswordEncoder(bCryptPasswordEncoder());
return impl;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthenticationProvider());
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
return new OAuth2MethodSecurityExpressionHandler();
}
}
}