CORS无法使用Spring Boot和AngularJS

Question

我在Spring Boot中使用Spring Data Rest and Cors的代码，在AngularJS中使用How do I get basic auth working in AngularJS?。

在设置基本身份验证之前，CORS正在运行。身份验证本身仅在服务器上运行，但不是组合使用。

是的，我正在使用Chrome，而且我读到CORS并不总是正常工作;
但它工作正常，当我构建服务器并在线启动它（弹簧启动端口8080）时，它也无法正常工作。

我收到了Refused to set unsafe header "Access-Control-Request-Headers"和典型的Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63344' is therefore not allowed access. The response had HTTP status code 401.错误。

Spring Boot

CORS

@Configuration
public class RestConfiguration {

    /**
     * https://stackoverflow.com/a/31748398/122441 until https://jira.spring.io/browse/DATAREST-573
     */
    @Bean
    public FilterRegistrationBean corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("HEAD");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");
        config.addAllowedMethod("PATCH");
        source.registerCorsConfiguration("/**", config);
        // return new CorsFilter(source);
        final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }
}

安全

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final String username = "dummy";
    private static final String password = "dummy";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests() //Authorize Request Configuration
                .antMatchers("/api/**").hasRole("API")
                .anyRequest().authenticated()
                .and() //HTTP basic Authentication only for API
                .antMatcher("/api/**").httpBasic();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser(username).password(password).roles("API");
    }
}

AngularJS

app.config(function ($httpProvider, Base64Provider) {
    // https://stackoverflow.com/a/17959564/2715720
    $httpProvider.defaults.useXDomain = true;
    $httpProvider.defaults.withCredentials = true;
    delete $httpProvider.defaults.headers.common["X-Requested-With"];
    $httpProvider.defaults.headers.common["Accept"] = "application/json";
    $httpProvider.defaults.headers.common["Content-Type"] = "application/json";
    $httpProvider.defaults.headers.common["Access-Control-Request-Headers"] = "accept, content-type, origin, authorization";
    $httpProvider.defaults.headers.common['Authorization'] = 'Basic ' + Base64Provider.encode('dummy' + ':' + 'dummy');
});

Answer 1

您需要在安全配置中添加cors过滤器。

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)

                .authorizeRequests() 
                .antMatchers("/api/**").hasRole("API")
                .anyRequest().authenticated()
                .and() 
                .antMatcher("/api/**").httpBasic();
    }
}