CORS不使用Spring引导和AnularJS工作 [英] CORS not working with Spring Boot and AnularJS
问题描述
我使用的是code从春数据休息和在春季启动一个Cors 并的How我是否能够得到基本的身份验证在angularjs工作?获得AnuljarJS。
CORS是以前我成立了基本身份验证工作。该认证本身是单独工作在服务器上,而不是在组合。
是我使用的Chrome和我读了CORS并不总是正确的工作;结果
但它的工作,当我构建服务器和网络启动(春季启动8080端口),它也不能正常工作。
我得到:拒绝不安全设置页眉访问控制请求报头
和典型响应preflight申请未通过访问控制检查:没有访问控制允许来源标头的请求的资源present。原产地的http://本地主机:63344,因此没有允许访问。响应有HTTP状态code 401。
错误。
春季启动
CORS
@Configuration
公共类RestConfiguration { / **
* http://stackoverflow.com/a/31748398/122441直到https://jira.spring.io/browse/DATAREST-573
* /
@豆
公共FilterRegistrationBean corsFilter(){
UrlBasedCorsConfigurationSource源=新UrlBasedCorsConfigurationSource();
CorsConfiguration配置=新CorsConfiguration();
config.setAllowCredentials(真);
config.addAllowedOrigin(*);
config.addAllowedHeader(*);
config.addAllowedMethod(「购股权」);
config.addAllowedMethod(HEAD);
config.addAllowedMethod(GET);
config.addAllowedMethod(PUT);
config.addAllowedMethod(POST);
config.addAllowedMethod(删除);
config.addAllowedMethod(补丁);
source.registerCorsConfiguration(/ **,配置);
//返回新CorsFilter(源);
最后FilterRegistrationBean豆=新FilterRegistrationBean(新CorsFilter(源));
bean.setOrder(0);
返回豆;
}
}
安全
@Configuration
@EnableWebSecurity
公共类WebSecurityConfig扩展WebSecurityConfigurerAdapter {
私有静态最终字符串username =假的;
私有静态最后的字符串密码=假的; @覆盖
保护无效配置(HttpSecurity HTTP)抛出异常{
HTTP
.authorizeRequests()//授权请求配置
.antMatchers(/ API / **)。hasRole(API)
.anyRequest()认证()
。而()// HTTP基本身份验证仅适用于API
。.antMatcher(/ API / **)httpBasic();
} @Autowired
公共无效configureGlobal(AuthenticationManagerBuilder AUTH)抛出异常{
AUTH
.inMemoryAuthentication()
.withUser(用户名)。密码(密码).roles(API);
}
}
AngularJS
的app.config(函数($ httpProvider,Base64Provider){
// http://stackoverflow.com/a/17959564/2715720
$ httpProvider.defaults.useXDomain = TRUE;
$ httpProvider.defaults.withCredentials = TRUE;
删除$ httpProvider.defaults.headers.common [X-要求,以];
$ httpProvider.defaults.headers.common [接受] =应用/ JSON;
$ httpProvider.defaults.headers.common [的Content-Type] =应用/ JSON;
$ httpProvider.defaults.headers.common [访问控制请求报头] =接受,内容类型,产地,授权;
$ httpProvider.defaults.headers.common ['授权'] ='基本'+ Base64Provider.en code('假'+':'+'假');
});
您需要在安全配置添加CORS过滤器。
@Configuration
@EnableWebSecurity
公共类WebSecurityConfig扩展WebSecurityConfigurerAdapter { @覆盖
保护无效配置(HttpSecurity HTTP)抛出异常{
HTTP
.addFilterBefore(新CORSFilter(),ChannelProcessingFilter.class) .authorizeRequests()
.antMatchers(/ API / **)。hasRole(API)
.anyRequest()认证()
。和()
。.antMatcher(/ API / **)httpBasic();
}
}
I'm using the code from Spring Data Rest and Cors in Spring Boot and How do I get basic auth working in angularjs? for AnuljarJS.
CORS was working before I set up Basic Authentication. The Authentication itself was working on the server alone, but not in combination.
Yes I'm using Chrome and I read that CORS is not always correct working;
but it was working, and when I build the server and start it online (spring boot port 8080), it's also not working.
I'm getting: Refused to set unsafe header "Access-Control-Request-Headers"
and the typical Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63344' is therefore not allowed access. The response had HTTP status code 401.
error.
Spring Boot
CORS
@Configuration
public class RestConfiguration {
/**
* http://stackoverflow.com/a/31748398/122441 until https://jira.spring.io/browse/DATAREST-573
*/
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
// return new CorsFilter(source);
final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
Security
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String username = "dummy";
private static final String password = "dummy";
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests() //Authorize Request Configuration
.antMatchers("/api/**").hasRole("API")
.anyRequest().authenticated()
.and() //HTTP basic Authentication only for API
.antMatcher("/api/**").httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser(username).password(password).roles("API");
}
}
AngularJS
app.config(function ($httpProvider, Base64Provider) {
// http://stackoverflow.com/a/17959564/2715720
$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common["X-Requested-With"];
$httpProvider.defaults.headers.common["Accept"] = "application/json";
$httpProvider.defaults.headers.common["Content-Type"] = "application/json";
$httpProvider.defaults.headers.common["Access-Control-Request-Headers"] = "accept, content-type, origin, authorization";
$httpProvider.defaults.headers.common['Authorization'] = 'Basic ' + Base64Provider.encode('dummy' + ':' + 'dummy');
});
You need to add a cors filter in the security configuration.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
.authorizeRequests()
.antMatchers("/api/**").hasRole("API")
.anyRequest().authenticated()
.and()
.antMatcher("/api/**").httpBasic();
}
}
这篇关于CORS不使用Spring引导和AnularJS工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!