oauth/token 上的 Spring Boot Rest 服务选项 401 [英] Spring boot rest service options 401 on oauth/token
问题描述
我正在使用 spring boot 来做一个简单的休息服务.为了在 Angular 2 中使用它,我在 oauth/token 端点上检索令牌时遇到了 CORS 问题.
I'm using spring boot to make a simple rest service. To consume it in Angular 2, I've got CORS problem when retrieving token on oauth/token endpoint.
Chrome 中的错误消息如下.
The error message in Chrome is below.
zone.js:101 OPTIONS http://192.168.0.9:8080/api/oauth/token
XMLHttpRequest cannot load http://192.168.0.9:8080/api/oauth/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401.
相关文件如下.
MyConfig.java
MyConfig.java
@Configuration
public class MyConfig {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("**")
.allowedOrigins("*").allowedMethods("POST, GET, HEAD, OPTIONS")
.allowCredentials(true)
.allowedHeaders("Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers")
.exposedHeaders("Access-Control-Allow-Origin,Access-Control-Allow-Credentials")
.maxAge(10);
}
};
}
}
OAuth2ResourceServerConfig.java
OAuth2ResourceServerConfig.java
@Configuration
@EnableResourceServer
class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.anonymous()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS,"**").permitAll()
.antMatchers("/authenticated/**").authenticated()
;
}
}
我是 Java 和 Spring 的新手.我发现了一些类似的问题,例如 OAuth2 - Status 401 on检索 TOKEN 时请求 OPTIONS ,但我真的不明白如何使其在 Spring Boot 中工作.
I'm new to java and spring. I found some similar question, such as OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN, but I really don't understand how to make it work in spring boot.
请注意正常的休息控制器端点工作正常.问题是 oauth/token,options 请求返回 401 状态.
Please note normal rest controller endpoint works fine. The problem is oauth/token, the options request returns 401 status.
请给我看一些 Spring Boot 中的工作代码.谢谢!
Please show me some working code in spring boot. Thanks!
推荐答案
您可以将此 CORS 过滤器添加到您的项目中
You can add this CORS Filter to your project
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCORSFilter implements Filter {
@Override
public void init(FilterConfig fc) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) resp;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, resp);
}
}
@Override
public void destroy() {
}
}
这篇关于oauth/token 上的 Spring Boot Rest 服务选项 401的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!