oauth/token上的Spring Boot Rest Service选项401 [英] Spring boot rest service options 401 on oauth/token

问题描述

我正在使用Spring Boot进行简单的休息服务.为了在Angular 2中使用它，我在oauth/token端点上检索令牌时遇到了CORS问题.

I'm using spring boot to make a simple rest service. To consume it in Angular 2, I've got CORS problem when retrieving token on oauth/token endpoint.

Chrome中的错误消息如下.

The error message in Chrome is below.

错误消息

zone.js:101 OPTIONS http://192.168.0.9:8080/api/oauth/token 
XMLHttpRequest cannot load http://192.168.0.9:8080/api/oauth/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401.

相关文件在下面.

MyConfig.java

MyConfig.java

@Configuration
public class MyConfig {
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("**")
                        .allowedOrigins("*").allowedMethods("POST, GET, HEAD, OPTIONS")
                .allowCredentials(true)
                .allowedHeaders("Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers")
                .exposedHeaders("Access-Control-Allow-Origin,Access-Control-Allow-Credentials")
                .maxAge(10);
            }
        };
    }
}

OAuth2ResourceServerConfig.java

OAuth2ResourceServerConfig.java

@Configuration
@EnableResourceServer
class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .anonymous()
            .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS,"**").permitAll()
                .antMatchers("/authenticated/**").authenticated()
                ;
    }

}

我是java和spring的新手.我发现了类似的问题，例如 OAuth2-状态401 OPTIONS在检索令牌时请求，但是我真的不知道如何在春季启动时使它工作.

I'm new to java and spring. I found some similar question, such as OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN, but I really don't understand how to make it work in spring boot.

请注意，正常的休息控制器端点工作正常.问题是oauth/token，选项请求返回401状态.

Please note normal rest controller endpoint works fine. The problem is oauth/token, the options request returns 401 status.

请给我看一些Spring Boot的工作代码.谢谢！

Please show me some working code in spring boot. Thanks!

推荐答案

您可以将此CORS过滤器添加到您的项目中

You can add this CORS Filter to your project

    @Component
    @Order(Ordered.HIGHEST_PRECEDENCE)

    public class SimpleCORSFilter implements Filter {

    @Override
    public void init(FilterConfig fc) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, resp);
        }

    }

    @Override
    public void destroy() {
    }

 }

这篇关于oauth/token上的Spring Boot Rest Service选项401的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！