【问题标题】:Spring Boot Security OAuth Angular Response to preflight request doesn't pass?Spring Boot Security OAuth Angular 对预检请求的响应没有通过?
【发布时间】:2020-08-09 01:36:58
【问题描述】:

来自 Angular 应用程序的登录请求,向 Spring Boot OAuth 服务发出 Web 控制台中的以下错误,

Access to XMLHttpRequest at 'http://localhost:9191/oauth/token' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

这是我的角度登录方法

logIn(u_name: string, password: string): Observable<any> {

    const httpOptions = {
      headers: new HttpHeaders({
        'Authorization': 'Basic ' + btoa('mobile:pin'),
        'Content-type': 'multipart/form-data'
      })
    };

      const requestBody = new HttpParams()
        .set('username', u_name)
        .set('password', password)
        .set('grant_type', 'password');

    return this.http.post('http://localhost:9191/oauth/token', requestBody, httpOptions );
  }

这是WebSecurityConfiguration

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private CorsFilter corsFilter;

    @Bean
    protected AuthenticationManager getAuthenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200/auth/login"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class).authorizeRequests().antMatchers("/oauth/token").permitAll()
                .anyRequest().authenticated();

     // i already try with this but it also ended up with the same error
      //  http.cors();
    }


}

CorsFilter配置类



@Configuration
public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "authorization, content-type, xsrf-token");
        response.addHeader("Access-Control-Expose-Headers", "xsrf-token");
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            filterChain.doFilter(request, response);
        }
    }
}

我在这里做错了什么。提前致谢。

【问题讨论】:

    标签: angular spring spring-security oauth-2.0


    【解决方案1】:

    仅在 CorsConfigurationSource bean 中指定来源,而不是整个 url,如链接 https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/cors.html 中所示

    【讨论】:

      猜你喜欢
      • 2020-08-27
      • 2018-05-15
      • 2021-09-06
      • 2017-11-09
      • 2017-08-10
      • 1970-01-01
      • 2019-05-25
      • 2020-07-31
      • 2019-05-25
      相关资源
      最近更新 更多