oauth/token 上的 Spring Boot Rest 服务选项 401 [英] Spring boot rest service options 401 on oauth/token

查看:40
本文介绍了oauth/token 上的 Spring Boot Rest 服务选项 401的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用 spring boot 来做一个简单的休息服务.为了在 Angular 2 中使用它,我在 oauth/token 端点上检索令牌时遇到了 CORS 问题.

I'm using spring boot to make a simple rest service. To consume it in Angular 2, I've got CORS problem when retrieving token on oauth/token endpoint.

Chrome 中的错误消息如下.

The error message in Chrome is below.

错误信息

zone.js:101 OPTIONS http://192.168.0.9:8080/api/oauth/token 
XMLHttpRequest cannot load http://192.168.0.9:8080/api/oauth/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401.

相关文件如下.

MyConfig.java

MyConfig.java

@Configuration
public class MyConfig {
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("**")
                        .allowedOrigins("*").allowedMethods("POST, GET, HEAD, OPTIONS")
                .allowCredentials(true)
                .allowedHeaders("Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers")
                .exposedHeaders("Access-Control-Allow-Origin,Access-Control-Allow-Credentials")
                .maxAge(10);
            }
        };
    }
}

OAuth2ResourceServerConfig.java

OAuth2ResourceServerConfig.java

@Configuration
@EnableResourceServer
class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .anonymous()
            .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS,"**").permitAll()
                .antMatchers("/authenticated/**").authenticated()
                ;
    }

}

我是 Java 和 Spring 的新手.我发现了一些类似的问题,例如 OAuth2 - Status 401 on检索 TOKEN 时请求 OPTIONS ,但我真的不明白如何使其在 Spring Boot 中工作.

I'm new to java and spring. I found some similar question, such as OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN, but I really don't understand how to make it work in spring boot.

请注意正常的休息控制器端点工作正常.问题是 oauth/token,options 请求返回 401 状态.

Please note normal rest controller endpoint works fine. The problem is oauth/token, the options request returns 401 status.

请给我看一些 Spring Boot 中的工作代码.谢谢!

Please show me some working code in spring boot. Thanks!

推荐答案

您可以将此 CORS 过滤器添加到您的项目中

You can add this CORS Filter to your project

    @Component
    @Order(Ordered.HIGHEST_PRECEDENCE)

    public class SimpleCORSFilter implements Filter {

    @Override
    public void init(FilterConfig fc) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, resp);
        }

    }

    @Override
    public void destroy() {
    }

 }

这篇关于oauth/token 上的 Spring Boot Rest 服务选项 401的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆