Keycloak CORS filter Spring Boot


Question

I am using Keycloak to secure my REST service. I am referring to the tutorial given here. I created the REST service and the front end. Now when I add Keycloak on the backend I get a CORS error when my front end makes an API call.

The Application.java file in Spring Boot looks like:

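import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@SpringBootApplication
public class Application
{
    public static void main( String[] args )
    {
        SpringApplication.run(Application.class, args);
    }

    // Spring MVC level CORS mapping for the API paths
    @Bean
    public WebMvcConfigurer corsConfiguration() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/api/*")
                        .allowedMethods(HttpMethod.GET.toString(), HttpMethod.POST.toString(),
                                HttpMethod.PUT.toString(), HttpMethod.DELETE.toString(), HttpMethod.OPTIONS.toString())
                        .allowedOrigins("*");
            }
        };
    }
}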

The Keycloak properties in the application.properties file look like:

keycloak.realm = demo
keycloak.auth-server-url = http://localhost:8080/auth
keycloak.ssl-required = external
keycloak.resource = tutorial-backend
keycloak.bearer-only = true
keycloak.credentials.secret = 123123-1231231-123123-1231
keycloak.cors = true
keycloak.securityConstraints[0].securityCollections[0].name = spring secured api
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[0].authRoles[1] = user
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /api/*

The sample REST API that I am calling:

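import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SampleController {
    // Falls under the /api/* pattern protected by the Keycloak security constraint
    @RequestMapping(value = "/api/getSample", method = RequestMethod.GET)
    public String home() {
        return "demo";
    }
}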

The front end keycloak.json properties include:

{
  "realm": "demo",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "tutorial-frontend",
  "public-client": true
}

The CORS error that I am getting:

XMLHttpRequest cannot load http://localhost:8090/api/getSample. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 401.

Recommended answer

Try creating your CORS bean like my example. I recently went through the same thing (getting CORS to work) and it was a nightmare because the SpringBoot CORS support is currently not as robust or straightforward as the MVC CORS.

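import org.springframework.boot.web.servlet.FilterRegistrationBean; // package used by Spring Boot 1.4 and later
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Bean
public FilterRegistrationBean corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    // Accept any origin, header and method, with credentials allowed
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    // Apply the configuration to every path in the application
    source.registerCorsConfiguration("/**", config);

    // Register as a servlet filter; a lower order value runs earlier in the chain
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
    bean.setOrder(0);
    return bean;
}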

This is how I set it up to accept any origin application-wide, but if you change a few of the parameters you should be able to replicate what you want, i.e., if you wanted to add only the methods you mentioned, chain some addAllowedMethod(). Allowed origins would be the same, and then your addMapping("/api/*") would become source.registerCorsConfiguration("/api/*", config);.

Spring Data Rest and Cors

Take a look at this. Sebastian is on the Spring engineering team so this is about as good as you're going to get for an official answer.
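The narrowing the answer describes, written out as an added example (not code from the question or the answer): the same CorsFilter registration, limited to the front-end origin from the question's error message, the methods from the question's addCorsMappings() and the /api/* path. The class name, the allowed header list, the max-age value and the choice to turn credentials off are assumptions, based on the backend being bearer-only so the token arrives in the Authorization header rather than in a cookie.

```java
import java.util.Arrays;

import org.springframework.boot.web.servlet.FilterRegistrationBean; // Spring Boot 1.4 and later
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

// Hypothetical class name; added example, not part of the original post.
@Configuration
public class RestrictedCorsConfig {

    // Assumption: the only browser client is the front end at the origin
    // shown in the question's error message.
    private static final String FRONTEND_ORIGIN = "http://localhost:9000";

    @Bean
    public FilterRegistrationBean restrictedCorsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        // Exact origin instead of "*": requests from any other origin are
        // rejected by the filter as invalid CORS requests.
        config.setAllowedOrigins(Arrays.asList(FRONTEND_ORIGIN));
        // Only the methods listed in the question's addCorsMappings().
        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        // Assumption: the bearer token travels in the Authorization header.
        config.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
        // A bearer-only API needs no cookies, so credentialed requests stay off.
        config.setAllowCredentials(false);
        // Let the browser cache the preflight result for 30 minutes.
        config.setMaxAge(1800L);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // Same path pattern as the Keycloak security constraint in application.properties.
        source.registerCorsConfiguration("/api/*", config);

        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0); // same order value as in the answer
        return bean;
    }
}
```

Spring Framework 5.3 and later throws an IllegalArgumentException when allowCredentials is true and the allowed origins contain "*", so an explicit origin list like this one is also what keeps a credentialed configuration valid on current versions.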
