java 如何在 Spring Boot 中在 Spring Security 级别启用 CORS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/48926480/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to enable CORS at Spring Security level in Spring boot
提问by Lahiru Gamage
I am working with a spring boot application which uses Spring Security. I have tried @CrossOrigin to enable cors but it didn't work.
我正在使用使用 Spring Security 的 Spring Boot 应用程序。我试过@CrossOrigin 来启用 cors,但它没有用。
If you want to find my error refer this
如果你想找到我的错误,请参考这个
Spring Blogssays that when we are working with spring security, we must enable cors at spring security level.
Spring Blogs说,当我们使用spring security 时,我们必须在 spring 安全级别启用 cors。
And my project is below.
我的项目在下面。
Can anyone explain where should I put those configuration and how to find the spring security level.
谁能解释我应该把这些配置放在哪里以及如何找到 spring 安全级别。
回答by becher henchiri
this is a way to make Spring Security 4.1 support CROS with Spring BOOT 1.5
这是使 Spring Security 4.1 通过 Spring BOOT 1.5 支持 CROS 的一种方法
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");
}
}
with
和
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.csrf().disable();
http.cors();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(ImmutableList.of("*"));
configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
回答by Sibin
If you prefer using CORS global configuration, you can declare a CorsConfigurationSource bean as following:
如果你更喜欢使用 CORS 全局配置,你可以声明一个 CorsConfigurationSource bean,如下所示:
@EnableWebSecurity
public class WebSecurityConfig extends
WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws
Exception {
http.cors().and()...
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
UrlBasedCorsConfigurationSource source = new
UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
return source;
}
}
For further refernces about spring boot project examples 1)https://hellokoding.com/registration-and-login-example-with-spring-security-spring-boot-spring-data-jpa-hsql-jsp/Or 2)http://www.mkyong.com/spring-boot/spring-boot-spring-security-thymeleaf-example/
有关 Spring Boot 项目示例的进一步参考 1) https://hellokoding.com/registration-and-login-example-with-spring-security-spring-boot-spring-data-jpa-hsql-jsp/或 2) http ://www.mkyong.com/spring-boot/spring-boot-spring-security-thymeleaf-example/
