CORS不能与Spring Boot和AngularJS一起使用 [英] CORS not working with Spring Boot and AngularJS
问题描述
我在Spring Boot中使用 Spring Data Rest and Cors 中的代码和如何在AngularJS中获得AngularJS的基本身份验证?。
I'm using the code from Spring Data Rest and Cors in Spring Boot and How do I get basic auth working in AngularJS? for AngularJS.
CORS在我之前工作设置基本身份验证。身份验证本身仅在服务器上运行,但不是组合使用。
CORS was working before I set up Basic Authentication. The Authentication itself was working on the server alone, but not in combination.
是的我正在使用Chrome,而且我读到CORS并不总是正常工作;
但是它正常工作,当我构建服务器并在线启动它时(弹簧启动端口8080),它也无法工作。
Yes I'm using Chrome and I read that CORS is not always correct working;
but it was working, and when I build the server and start it online (spring boot port 8080), it's also not working.
我得到了:拒绝设置不安全标头Access-Control-Request-Headers
,典型的对预检请求的响应未通过访问控制检查:否'access-Control-Allow-Origin'标头出现在请求的资源上。因此不允许Origin'http:// localhost:63344'访问。响应的HTTP状态代码为401.
错误。
I'm getting: Refused to set unsafe header "Access-Control-Request-Headers"
and the typical Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63344' is therefore not allowed access. The response had HTTP status code 401.
error.
@Configuration
public class RestConfiguration {
/**
* https://stackoverflow.com/a/31748398/122441 until https://jira.spring.io/browse/DATAREST-573
*/
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
// return new CorsFilter(source);
final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
安全
Security
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String username = "dummy";
private static final String password = "dummy";
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests() //Authorize Request Configuration
.antMatchers("/api/**").hasRole("API")
.anyRequest().authenticated()
.and() //HTTP basic Authentication only for API
.antMatcher("/api/**").httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser(username).password(password).roles("API");
}
}
AngularJS
AngularJS
app.config(function ($httpProvider, Base64Provider) {
// https://stackoverflow.com/a/17959564/2715720
$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common["X-Requested-With"];
$httpProvider.defaults.headers.common["Accept"] = "application/json";
$httpProvider.defaults.headers.common["Content-Type"] = "application/json";
$httpProvider.defaults.headers.common["Access-Control-Request-Headers"] = "accept, content-type, origin, authorization";
$httpProvider.defaults.headers.common['Authorization'] = 'Basic ' + Base64Provider.encode('dummy' + ':' + 'dummy');
});
推荐答案
您需要在安全配置中添加cors过滤器。
You need to add a cors filter in the security configuration.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
.authorizeRequests()
.antMatchers("/api/**").hasRole("API")
.anyRequest().authenticated()
.and()
.antMatcher("/api/**").httpBasic();
}
}
这篇关于CORS不能与Spring Boot和AngularJS一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!