ive是一个在heroku中部署的具有角度前端的春季启动应用程序。我将spring-back配置为禁用cors错误,在我的应用程序中实现jwt身份验证之前,我没有遇到任何问题。然后突然又出现了问题。更具体地说,出现这个错误:
访问'XMLHttpRequesthttps://serene-wave-12377.herokuapp.com/api/register'来自原点'http://localhost:49720'已被CORS策略阻止:对飞行前请求的响应未通过访问控制检查:请求的资源上不存在"access control Allow Origin"标头
我试过了我看到的所有东西,但还是犯了这个错误。
my-webSecurityConfig:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final userService userService;
public WebSecurityConfig(userService userService) {
this.userService = userService;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.authorizeRequests() // authorize
.antMatchers("/**")
.permitAll()
.anyRequest().authenticated() // all requests are authenticated
.and()
.httpBasic();
}
@Bean
public static PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.addAllowedOrigin("*");
configuration.addAllowedMethod("*");
configuration.addAllowedHeader("*");
configuration.setAllowCredentials(true);
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
}
}
springBootApplication
@SpringBootApplication
public class HibernateProjectApplication extends SpringBootServletInitializer {
public static void main(String[] args) {
SpringApplication.run(HibernateProjectApplication.class, args);
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("HEAD", "GET", "POST", "PUT", "DELETE", "OPTIONS")
.allowedHeaders("*").allowedOrigins("*");
}
};
}
用户控制器:
@CrossOrigin(origins = "*", exposedHeaders="Access-Control-Allow-Origin")
@RestController
@RequestMapping("/api")
public class UserController { //methods
我也尝试过我的前端angular应用程序:
register(registerForm: any): Observable<any> {
let body = {
email: registerForm.email,
password: registerForm.password,
name: registerForm.name,
surname: registerForm.surname,
};
const headers = new HttpHeaders()
.set('content-type', 'application/json')
.set('Access-Control-Allow-Origin', '*');
return this.http.post(
'https://serene-wave-12377.herokuapp.com/api/register',
body
), { 'headers': headers };
}
什么都不管用。我非常感谢你们提出的任何帮助/想法。提前感谢!
问题在于WebSecurityConfig类configure方法。当您实现Spring安全性时,它会覆盖您之前实现的cors-configs。为了克服这个问题,您必须添加http.cors().and()在CCD_ 4方法的开始。因此,通过将configure方法的实现更改为如下,将起作用。
http.cors().and().csrf().disable()
.authorizeRequests().antMatchers("/api/**").permitAll()
.anyRequest()
.authenticated()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests().and().httpBasic();
http.headers().cacheControl();