我正在尝试实施自定义令牌身份验证解决方案。 这里的问题是我无法运行跨域请求。 尝试了很多不同的配置,但一切似乎都没用。
**Configure Http Security**
.csrf()
.disable() //SCRF is disables
.exceptionHandling()
.authenticationEntryPoint(this.unauthorizedHandler)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.anyRequest().authenticated();
// Custom JWT based authentication
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
使用自定义标记实现Cors过滤器的配置。
**CorsFilter DoFilter **
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*"); //Allow origin activated
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, " + tokenHeader);
if (request.getMethod().equals("OPTIONS")) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(request, response);
}
我可以在这里找到我刚开始的代码: https://github.com/brahalla/Cerberus
任何线索?
答案 0 :(得分:0)
假设您的过滤器很好,您需要配置CORS - https://spring.io/guides/gs/rest-service-cors/#_enabling_cors。您的配置中似乎没有任何此类