【发布时间】:2019-06-01 06:58:20
【问题描述】:
对于我当前的项目,我使用 1.0.0.RC1 版本的 Spring Lemon 库。当我发出 /api/core/context 请求时,我没有得到 Set-Cookie 和 X-XSRF-TOKEN 标头。
对于我早期的项目,我使用了 Spring Lemon 0.9.0,它运行良好,在上下文请求之后,我可以设置这些参数并发出更多请求。现在无法获取它们,如果我提出除 /context 或 /ping 以外的任何请求,我会收到“无效的 CORS 请求”作为响应。
我的代码就像这里的示例项目:https://github.com/naturalprogrammer/spring-lemon/wiki/Getting-Started-With-Spring-Lemon 有两个变化:
- 我使用 application.properties 而不是 yml。 (后来我想把它放在包之外,
@PropertySource只适用于 .properties。) - 我使用 war 包装而不是 jar。我将它部署到 Apache Tomcat 中。因此,在 application.properties 中,我将
lemon.cors.allowed-origins: http://localhost:9000更改为lemon.cors.allowed-origins: http://localhost:8080
上下文请求后的日志:
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 4 of 14 in additional filter chain; firing Filter: 'CorsFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 5 of 14 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:176 - Checking match of request : '/api/core/context'; against '/oauth2/authorization/{registrationId}'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 6 of 14 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AndRequestMatcher:66 - Trying to match using Ant [pattern='/login/oauth2/code/*']
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:176 - Checking match of request : '/api/core/context'; against '/login/oauth2/code/*'
2019-01-06 10:44:41 DEBUG AndRequestMatcher:69 - Did not match
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 7 of 14 in additional filter chain; firing Filter: 'LemonJpaTokenAuthenticationFilter'
2019-01-06 10:44:41 DEBUG LemonCommonsWebTokenAuthenticationFilter:42 - Inside LemonTokenAuthenticationFilter ...
2019-01-06 10:44:41 DEBUG LemonCommonsWebTokenAuthenticationFilter:70 - Token authentication skipped
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 8 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:156 - Request 'GET /api/core/context' doesn't match 'POST /api/core/login'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@8a1370cd: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-01-06 10:44:41 DEBUG RequestMappingHandlerMapping:420 - Mapped to public java.util.Map<java.lang.String, java.lang.Object> com.naturalprogrammer.spring.lemon.LemonController.getContext(java.util.Optional<java.lang.Long>,javax.servlet.http.HttpServletResponse)
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /api/core/context; Attributes: [permitAll]
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@8a1370cd: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-01-06 10:44:41 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@33757a2b, returned: 1
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:243 - Authorization successful
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:256 - RunAsManager did not change Authentication object
2019-01-06 10:44:41 DEBUG FilterChainProxy:313 - /api/core/context reached end of additional filter chain; proceeding with original chain
2019-01-06 10:44:41 DEBUG DispatcherServlet:90 - GET "/CSGOStats/api/core/context", parameters={}
2019-01-06 10:44:41 DEBUG RequestMappingHandlerMapping:420 - Mapped to public java.util.Map<java.lang.String, java.lang.Object> com.naturalprogrammer.spring.lemon.LemonController.getContext(java.util.Optional<java.lang.Long>,javax.servlet.http.HttpServletResponse)
2019-01-06 10:44:41 DEBUG OpenEntityManagerInViewInterceptor:86 - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2019-01-06 10:44:41 DEBUG LemonController:84 - Getting context
2019-01-06 10:44:41 DEBUG JpaTransactionManager:355 - Found thread-bound EntityManager [SessionImpl(631661686<open>)] for JPA transaction
2019-01-06 10:44:41 DEBUG LemonService:179 - Getting context ...
2019-01-06 10:44:41 DEBUG LemonController:86 - Returning context: {context={reCaptchaSiteKey=6LdwxRcUAAAAABkhOGWQXhl9FsR27D5YUJRuGzx0, shared={foobar=123...}}, user=null}
2019-01-06 10:44:41 DEBUG RequestResponseBodyMethodProcessor:267 - Using 'application/json;q=0.8', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8] and supported [application/json, application/*+json, application/json, application/*+json]
2019-01-06 10:44:41 DEBUG RequestResponseBodyMethodProcessor:90 - Writing [{context={reCaptchaSiteKey=6LdwxRcUAAAAABkhOGWQXhl9FsR27D5YUJRuGzx0, shared={foobar=123...}}, user=null}]
2019-01-06 10:44:41 DEBUG HstsHeaderWriter:129 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@47453fa7
2019-01-06 10:44:41 DEBUG OpenEntityManagerInViewInterceptor:111 - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2019-01-06 10:44:41 DEBUG EntityManagerFactoryUtils:418 - Closing JPA EntityManager
2019-01-06 10:44:41 DEBUG DispatcherServlet:1130 - Completed 200 OK
2019-01-06 10:44:41 DEBUG ExceptionTranslationFilter:121 - Chain processed normally
2019-01-06 10:44:41 DEBUG SecurityContextPersistenceFilter:119 - SecurityContextHolder now cleared, as request processing completed
我错过了什么?提前致谢!
【问题讨论】:
-
您可能想使用stackoverflow.com/posts/54060371/edit 编辑/更新问题并粘贴浏览器在开发工具控制台中记录的确切错误消息。如果您还检查响应的 HTTP 状态代码,您可能会得到更好的指导——它是 4xx 还是 5xx 状态代码,而不是 200 OK? - 如果您在问题中指出它是对 CORS 预检 OPTIONS 请求的响应,还是对实际 GET 或 POST 或来自前端代码的任何请求的响应。您可能还想显示发出请求的实际前端代码。
标签: spring-boot cors request-headers spring-lemon