Spring boot,ip地址域上的cookie

问题描述 投票:0回答:1

我的服务器在本地主机和我的VPN地址(26.185.15.150)上工作,当我向http://localhost:3500/login/auth发出请求时,我得到正确的响应和cookie。当我向 http://26.185.15.150:3500/login/auth 发出请求时,我没有收到 cookie,但我在标头中收到“set-cookies”,我需要如何解决这个问题? 安全配置

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
        .csrf(AbstractHttpConfigurer::disable)
        .authorizeHttpRequests(authorizeRequests ->
                authorizeRequests
                        .requestMatchers("/login/**", "/v3/**", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**", "/swagger-ui/**").permitAll()
                        .requestMatchers("/image/**").permitAll()
                        .requestMatchers("/api/unsecured").permitAll()
                        .requestMatchers("/api/secured").hasAnyRole("2001", "5320")
                        .requestMatchers("/api/admin").hasRole("5320")
                        .requestMatchers("/api/info").authenticated()
        )
        .sessionManagement(c -> c.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .exceptionHandling(c -> c.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
        .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);

    return http.build();
}

@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("http://localhost:5173");
    config.addAllowedOrigin("*");
    config.addAllowedHeader("Content-Type");
    config.addAllowedHeader("Authorization");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("POST");
    config.addAllowedMethod("PUT");
    config.addAllowedMethod("DELETE");
    source.registerCorsConfiguration("/**", config);

    return new CorsFilter(source);
}

我的cookie设置

public void setTokenCookies(HttpServletResponse response, JwtResponse jwtResponse) {
    Cookie refreshTokenCookie = new Cookie("jwt", jwtResponse.getJwtRefreshToken());
    refreshTokenCookie.setHttpOnly(true);
    refreshTokenCookie.setMaxAge((int) jwtRefreshTokenLifetime.toHours());
    refreshTokenCookie.setSecure(true);
    refreshTokenCookie.setPath("/");
    response.addCookie(refreshTokenCookie);
}

我期望我的 http 请求能够正确地使用 IP 地址,就像本地主机一样。

spring spring-boot spring-security setcookie httpcookie
1个回答
0
投票

因为 ip 地址不是安全端口,所以 cookie 适用于安全端口或本地主机

© www.soinside.com 2019 - 2024. All rights reserved.