Spring CORS error

Question (votes: 0, answers: 3)

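I am building a web API with Spring and a client in Reactjs. I'm trying to make a POST request with OAuth2 authentication against the web API, but I keep getting

Response for preflight has invalid HTTP status code 401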

WebSecurityConfigurerAdapter:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(false); //updated to false
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .exceptionHandling()
                .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
                .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers("/**").authenticated()
                .and()
                .httpBasic();
    }
}

My request is:

fetch(
  this.getAuthEndpoint('password'), {
    method: 'post',
    headers: {
      'Access-Control-Allow-Origin': '*',
      'Authorization': 'Basic dG9ucjpzZWNyZXQ='
    },
    body: JSON.stringify({
      'password': credentials.password,
      'username': credentials.username,
      'grant_type': 'password',
      'scope': 'read write',
      'client_secret': Config.clientSecret,
      'client_id': Config.clientId
    })
  })
  .then(response => {
    this.saveTokens(response.data);

    return axios.get(Config.apiUrl + '/me');
  })
  .then(response => {
    this.loginSuccess(response.data.user);
  })
  .catch(response => {
    this.loginError(response);
  });

And the request/response status is: [image: enter image description here]

java spring reactjs oauth-2.0 cors
3 Answers
1
votes

Try doing http.cors().. like

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors()....
}

Reference: https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

This will add a CORS filter and return immediately instead of passing the request on to the security filters.


0
votes

Add a CorsFilter

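import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter implements Filter {

    //private final Logger log = LoggerFactory.getLogger(SimpleCorsFilter.class);
    public SimpleCorsFilter() {
        System.out.println("SimpleCORSFilter init");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Echoes whatever Origin the caller sent; combined with Allow-Credentials: true,
        // any origin may make credentialed requests.
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me, Authorization, x-auth-token");

        System.out.println("cors filter called");
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            // Answer the preflight here so it never reaches the security filters.
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
        // chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }

}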

0
votes

If you are using Spring Boot, add the following code to application.java

package com.khan.vaquar;

import java.util.Arrays;
import java.util.Collections;
import java.util.stream.Collectors;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@SpringBootApplication
public class SpringBootGraphqlApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootGraphqlApplication.class, args);
    }

    @Bean
    public CorsFilter corsFilter() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration config = new CorsConfiguration();
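        // With allowCredentials(true), Spring 5.3+ rejects the "*" origin with an
        // IllegalArgumentException; earlier versions echo the request's Origin instead.
        config.setAllowCredentials(true);
        config.setAllowedOrigins(Collections.singletonList("*"));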
        config.setAllowedHeaders(Collections.singletonList("*"));
        config.setAllowedMethods(Arrays.stream(HttpMethod.values()).map(HttpMethod::name).collect(Collectors.toList()));
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}