Spring Boot Security CORS
Instead of using the CorsRegistry, you can write your own CorsFilter and add it to your security configuration.
Custom CorsFilter class:
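import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CorsFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        // CORS response headers are written before the rest of the chain runs
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "*");
        // setHeader takes String values, so the boolean and the number are quoted
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Max-Age", "180");
        filterChain.doFilter(servletRequest, servletResponse);
    }
    @Override
    public void destroy() {
    }
}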
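Security config class:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.session.SessionManagementFilter;

@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
    // authenticationEntryPoint, ajaxSuccessHandler and ajaxFailureHandler are
    // fields of this class that are not shown on the page
    @Bean
    CorsFilter corsFilter() {
        CorsFilter filter = new CorsFilter();
        return filter;
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(corsFilter(), SessionManagementFilter.class) // adds your custom CorsFilter
            .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).and()
            .formLogin()
                .successHandler(ajaxSuccessHandler)
                .failureHandler(ajaxFailureHandler)
                .loginProcessingUrl("/authentication")
                .passwordParameter("password")
                .usernameParameter("username")
            .and()
            .logout()
                .deleteCookies("JSESSIONID")
                .invalidateHttpSession(true)
                .logoutUrl("/logout")
                .logoutSuccessUrl("/")
            .and()
            .csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
                .antMatchers("/authentication").permitAll()
                .antMatchers("/oauth/token").permitAll()
                .antMatchers("/admin/*").access("hasRole('ROLE_ADMIN')")
                .antMatchers("/user/*").access("hasRole('ROLE_USER')");
    }
}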
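Question:
I have a problem with the CORS filter on Spring Security URLs. It doesn't set Access-Control-Allow-Origin
and other exposed headers on URLs that belong to Spring Security (login/logout) or are filtered by Spring Security.
Here is the configuration.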
CORS:
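import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@EnableWebMvc
public class MyWebMvcConfig extends WebMvcConfigurerAdapter {
    // ******** some irrelevant configs ************
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/*").allowedOrigins("*").allowedMethods("GET","POST","OPTIONS","PUT")
            .allowedHeaders("Content-Type","X-Requested-With","accept","Origin","Access-Control-Request-Method","Access-Control-Request-Headers")
            .exposedHeaders("Access-Control-Allow-Origin","Access-Control-Allow-Credentials")
            .allowCredentials(true).maxAge(3600);
    }
}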
Security:
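import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
    // authenticationEntryPoint, ajaxSuccessHandler and ajaxFailureHandler are
    // fields of this class that are not shown on the page
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).and()
            .formLogin()
                .successHandler(ajaxSuccessHandler)
                .failureHandler(ajaxFailureHandler)
                .loginProcessingUrl("/authentication")
                .passwordParameter("password")
                .usernameParameter("username")
            .and()
            .logout()
                .deleteCookies("JSESSIONID")
                .invalidateHttpSession(true)
                .logoutUrl("/logout")
                .logoutSuccessUrl("/")
            .and()
            .csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
                .antMatchers("/authentication").permitAll()
                .antMatchers("/oauth/token").permitAll()
                .antMatchers("/admin/*").access("hasRole('ROLE_ADMIN')")
                .antMatchers("/user/*").access("hasRole('ROLE_USER')");
    }
}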
So, if I make a request to URLs that are not handled by security, the CORS headers are set. For Spring Security URLs, they are not set.
Spring Boot 1.4.1