【问题标题】:webflux: cross Domain + basic authorization is not working?webflux:跨域+基本授权不起作用?
【发布时间】:2018-06-12 15:20:24
【问题描述】:

我使用的是 Spring 2.0.1,这是我的 SecurityWebFilterChain

@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    return http
            // Demonstrate that method security works
            // Best practice to use both for defense in depth
            .authorizeExchange()
            .anyExchange().permitAll()
            .and()
            .httpBasic().and()
            .build();

这是交叉配置

@Configuration
@EnableWebFlux
public class WebConfig implements WebFluxConfigurer {

@Override
public void addCorsMappings(CorsRegistry registry) {
    final String ALLOWED_HEADERS = "x-requested-with, authorization, 
 Content-Type, Authorization, credential, X-XSRF-TOKEN";
    final String ALLOWED_METHODS = "GET, PUT, POST, DELETE, OPTIONS";
    final String ALLOWED_ORIGIN = "http://192.168.18.124:8888";
    final long MAX_AGE = 3600;
    registry.addMapping("/report/**")
            .allowedOrigins(ALLOWED_ORIGIN)
            .allowedMethods("PUT", "GET")
            .allowedHeaders("x-requested-with", "authorization", 
   "Content-Type", "Authorization", "credential", "X-XSRF-TOKEN")
            .allowCredentials(true).maxAge(3600);
  }
 }

我的 ajax 代码

            var data = {};


            $.ajax({
                type: 'GET',
                async: false,
                url: 'http://192.168.18.135:8765/report/summaries/date/2017-06-12',
                dataType: 'json',
                data: data,
                crossDomain: true,
                crossOrigin: true,
                beforeSend: function (xhr) {
                    xhr.withCredentials = true;
                    xhr.setRequestHeader('Authorization', 'Basic ' + "xxxxx");
                },
                success: function (responseData) {
                    console.log('-----------------response-------------------');
                    console.log(responseData);
                    console.log('-----------------response-------------------');
                    response = responseData;
                },
                error: function (responseData) {
                    response.error = responseData;
                }
            });
            return response;
        });

服务器响应的错误:

http://192.168.18.135:8765/report/summaries/date/2017-06-12。请求的资源上不存在“Access-Control-Allow-Origin”标头。因此,Origin 'http://192.168.18.124:8888' 不允许访问。响应的 HTTP 状态代码为 500。

如果我删除

xhr.setRequestHeader('授权', '基本' + "xxxxx");

它会返回 401 授权。

是否可以跨域+基本授权?

【问题讨论】:

  • 您能否添加有关您的应用程序包结构的信息?这些配置类在哪里,您的应用程序类在哪个包中?请注意,您不需要 @EnableWebFlux,因为它会关闭 Spring Boot 自动配置。

标签: spring-webflux


【解决方案1】:

这是我的 CORS 配置。创建一个新的 WebConfig 类并像这样声明一个 Bean:

@Configuration
public class WebConfig {

    @Bean
        public WebMvcConfigurer corsConfigurer() {
            return new WebMvcConfigurerAdapter() {
                @Override
                public void addCorsMappings(CorsRegistry registry) {
                    registry.addMapping("/**")
                            .allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");

                }
            };
        }

}

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2018-02-04
    • 2018-11-03
    • 1970-01-01
    • 2016-11-30
    • 2014-03-10
    • 2018-04-22
    • 1970-01-01
    • 2015-03-03
    相关资源
    最近更新 更多