Spring CORS支持自定义令牌验证解决方案

时间:2015-12-11 15:43:05

标签: spring cors token

我正在尝试实施自定义令牌身份验证解决方案。 这里的问题是我无法运行跨域请求。 尝试了很多不同的配置,但一切似乎都没用。

**Configure Http Security** 

  .csrf()
    .disable() //SCRF is disables
  .exceptionHandling()
    .authenticationEntryPoint(this.unauthorizedHandler)
    .and()
  .sessionManagement()
    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
  .authorizeRequests()
    .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
    .anyRequest().authenticated();

// Custom JWT based authentication


httpSecurity
  .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

使用自定义标记实现Cors过滤器的配置。

**CorsFilter DoFilter **


HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;

response.setHeader("Access-Control-Allow-Origin", "*"); //Allow origin activated
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, " + tokenHeader);
if (request.getMethod().equals("OPTIONS")) {
    response.setStatus(HttpServletResponse.SC_OK);
} else {
    chain.doFilter(request, response);
}

我可以在这里找到我刚开始的代码: https://github.com/brahalla/Cerberus

任何线索?

1 个答案:

答案 0 :(得分:0)

假设您的过滤器很好,您需要配置CORS - https://spring.io/guides/gs/rest-service-cors/#_enabling_cors。您的配置中似乎没有任何此类