Question

打包com.example.demo;

import java.util.Arrays;
import java.util.Collections;

import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

private final OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;

public SecurityConfiguration(OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService) {
    System.out.println("loading user:" + oidcUserService);
    this.oidcUserService = oidcUserService;
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors()
    .and().authorizeRequests()
    .anyRequest()
    .authenticated()
    .and()
    .oauth2Login()
    .userInfoEndpoint().oidcUserService(oidcUserService);
}

 @Bean
    CorsConfigurationSource corsConfigurationSource() 
    {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("*"));
    configuration.setAllowedMethods(Arrays.asList("*"));
    configuration.setAllowedHeaders(Arrays.asList("*"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
    }

API：

    package com.example.demo;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.web.bind.annotation.CrossOrigin;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;
    
    @RestController
    public class AccountResource {
    
        @Autowired
        AdUserInfo adUserInfo;
    
        @CrossOrigin(origins = "http://localhost:4200")
        @GetMapping("/account")
        public AdInfo getAccount() {
            adUserInfo.setEmail("abc@gmail.com");
            return new AdInfo();
        }
    }

角度代码：

        import { Injectable } from '@angular/core';
        import { HttpClient } from '@angular/common/http';
        import { Observable, Subject } from 'rxjs';
        import { AdInfo } from './ad-info';
        @Injectable({
          providedIn: 'root'
        })
        export class LoginService {
          private loginUrl: string;
          constructor(private http: HttpClient) {
            this.loginUrl = 'http://localhost:8080/account';
          }
        
          public login(): Observable<AdInfo> {
            return this.http.get<AdInfo>(this.loginUrl);
          }
        
        }

角类：

            export class AdInfo {
                id: string;
                name: string;
                email: string;
            }

从http：// localhost：8080进行的呼叫工作正常。天蓝色并登录。按照•https://docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory。

现在我想从Angular UI调用它。所以Localhost：4200。做了一个登录页面。 Onlick登录按钮。它正在调用localhost：8080。但是显示重定向到Azure广告登录时显示错误。

错误：在'https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=******&scope=openid%20https://graph.microsoft.com/user.read&state=a04QyhpKFkvGUvjUCRwZ834QhTgzTFYIu74M0768Co0访问XMLHttpRequest来自源'http：// localhost：4200'的％3D＆redirect_uri = http：// localhost：8080 / login / oauth2 / code / azure'（从'http：// localhost：8080 / account'重定向）已被CORS阻止政策：所请求的资源上没有“ Access-Control-Allow-Origin”标头

通过'https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=******&scope=openid%20https://graph.microsoft.com/user访问XMLHttpRequest。从来源'http：// localhost：4200'读取过的read＆state = Du8JvHSEGdD3xcBft6B683mDrW8Zedppel1Xz6lBZwY％3D＆redirect_uri = http：// localhost：4200 / login / oauth2 / code / azure'（从'http：// localhost：4200 / account'重定向）被CORS政策阻止：对预检请求的响应未通过访问控制检查：所请求的资源上没有“ Access-Control-Allow-Origin”标头。

Answer 1

您可能面临的问题是，春季安全性不允许通过飞行前检查请求并使它们失败。

添加

configuration.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept","Authorization"));
configuration.setAllowedMethods(Arrays.asList("GET","POST"));

然后在Angular中尝试添加Proxying to a backend server

如何从angular localhost：4200调用Spring Security Azure AD localhost：8080。天蓝色通话错误

1 个答案: