我从openid connect注销时收到以下问题。
“从'http://localhost:8080'访问''(从''重定向)的XMLHttpRequest已被CORS策略阻止:请求的资源上没有'Access-Control-Allow-Origin'标头。”
并且网络呼叫显示“已取消”状态。
这是代码SecurityConfig.java
@Override
protected void configure(HttpSecurity http) throws Exception {
LOG.info("in configure httpsecurity");
http.csrf().disable().cors().and()
.addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
.addFilterAfter(myFilter(), OAuth2ClientContextFilter.class)
.httpBasic().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(openIdConfig.getEntrypoint()))
.and()
.authorizeRequests()
.antMatchers(openIdConfig.getEntrypoint()).permitAll()
.anyRequest().authenticated()
.and().logout()//.clearAuthentication(true)
.logoutUrl(openIdConfig.getLogoffURL()+openIdConfig.getRedirectUri()).permitAll()
.invalidateHttpSession(true)
.deleteCookies(OpenIDConstants.SESSION_TOKEN, OpenIDConstants.USERNAME,
OpenIDConstants.JSESSIONID)
.logoutSuccessHandler(logoutSuccessHandler())
.logoutSuccessUrl(openIdConfig.getRedirectUri());
;
LOG.info("in configure httpsecurity end");
// @formatter:on
}
您可能在安全级别上启用了CORS,但在Web级别上没有启用CORS。要在Web级别启用CORS,您可以在方法级别,类级别或整个应用程序中执行此操作。
方法级别
@CrossOrigin(origins = "http://example.com")
@GetMapping(path="/")
public String homeInit(Model model) {
return "home";
}
班级
@CrossOrigin(origins = "*", allowedHeaders = "*")
@Controller
public class HomeController
{
@GetMapping(path="/")
public String homeInit(Model model) {
return "home";
}
}
全球
@Configuration
@EnableWebMvc
public class CorsConfiguration extends WebMvcConfigurerAdapter
{
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("GET", "POST");
}
}
或者,对于Spring Boot应用程序,推荐的方式:
@Configuration
public class CorsConfiguration
{
@Bean
public WebMvcConfigurer corsConfigurer()
{
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
};
}
}