将标头添加到oauth /令牌响应（spring-security） [英] Add headers to oauth/token response (spring-security)

问题描述

我想为我的spring应用程序添加自定义标题到Oauth2令牌响应。具体来说，它涉及CORS标题，即Access-Control-Allow-Origin ...我已经设法将它们添加到401响应，但没有运气与200。

我看过无处不在，调试项目没有结果。我试图通过拦截器添加这些头，但响应仍然不包含它们。
任何想法？

我使用Spring安全性和注释配置。

类似问题：允许Outh /令牌请求的OPTIONS HTTP方法

解决方案

使用此Cors筛选器（或者如果您添加最后一行我的版本到你的版本），你没有你在其他链接的帖子中提到的问题！

  @Component 
 @Order（Ordered.HIGHEST_PRECEDENCE）
 public class SimpleCorsFilter implements Filter {
 
 public SimpleCorsFilter（）{
} 
 
 @Override 
 public void doFilter（ServletRequest req，ServletResponse res，FilterChain chain）throws IOException，ServletException {
 HttpServletResponse response =（HttpServletResponse）res; 
 HttpServletRequest request =（HttpServletRequest）req; 
 response.setHeader（Access-Control-Allow-Origin，*）; 
 response.setHeader（Access- Control-Allow-Methods，POST，GET，OPTIONS，DELETE）; 
 response.setHeader（Access-Control-Max-Age，3600）; 
 response.setHeader（Access-Control-Allow-Headers，x-requested-with，authorization）; 
 
 if（OPTIONS.equalsIgnoreCase（request.getMethod（）））{
 response.setStatus（HttpServletResponse.SC_OK）; 
} else {
 chain.doFilter（req，res）; 
} 
} 
 
 @Override 
 public void init（FilterConfig filterConfig）{
} 
 
 @Override 
 public void destroy（）{
} 
 
} 
  

I would like to add custom headers to Oauth2 token response for my spring application. Specifically it involves CORS headers i.e. Access-Control-Allow-Origin... I have managed to add them to 401 responses but have no luck with 200 ones.

I have looked everywhere and debugged the project with no result. I have tried adding those headers through interceptor but response still does not contain them. Any ideas?

I'm using Spring security with annotation configuration.

I have asked similar question here: Allow OPTIONS HTTP Method for oauth/token request where you can check my spring configuration.

解决方案

Use this Cors Filter (or maybe it works if you add the last lines of my version to your version) and you don't have the problem you mention in you other linked post!

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter implements Filter {

public SimpleCorsFilter() {
}

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletResponse response = (HttpServletResponse) res;
    HttpServletRequest request = (HttpServletRequest) req;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization");

    if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
        response.setStatus(HttpServletResponse.SC_OK);
    } else {
        chain.doFilter(req, res);
    }
}

@Override
public void init(FilterConfig filterConfig) {
}

@Override
public void destroy() {
}

}

这篇关于将标头添加到oauth /令牌响应（spring-security）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！