Spring boot OAuth2 - OAuth Token不返回授权令牌

时间:2016-05-11 07:47:08

标签: java spring spring-boot cors oauth2

我遇到了这个错误。

XMLHttpRequest cannot load http://localhost:8080/oauth/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401.

我已经添加了我的cors过滤器。

@Component
public class CorsFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "origin,Content-Type, Accept, X-Requested-With, remember-me");
        if(request.getHeader("request").equalsIgnoreCase("options")) {
            response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        }
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }

}

并且安全配置可能会像这样。

  //Added Swagger to ignore lists
        http.authorizeRequests()
                .antMatchers(
                        "/swagger-ui.html",
                        "/webjars/springfox-swagger-ui/**",
                        "/configuration/ui",
                        "/oauth/token",
                        "/v2/**",
                        "/register",
                        "/swagger-resources",
                        "/clinic",
                        "/reindex",
                        "/rating/featured-rating",
                        "/doctor/*",
                        "/doctor/clinic/*",
                        "/doctor/profile/*",
                        "/clinic/profile/*",
                        "/**/*.html",
                        "/app/**",
                        "/assets/**",
                        "/fonts/*",
                        "/styles/images/*",
                        "/",
                        "/search-term",
                        "/search/detail",
                        "/location",
                        "/verify",
                        "/register",
                        "/doctor/register/request",
                        "/rating/create",
                        "/rating/has-like",
                        "/rating/like",
                        "/doctor/download/**",
                        "/clinic/download/**",
                        "/patient/references/*",
                        "/vanilla",
                        "/rating/featured-rating",
                        "/reset",
                        "/validate-pass",
                        "/change-pass",
                        "/save-pass",
                        "/users",
                        "/events/report").permitAll()
                .anyRequest().authenticated()
                .and().csrf().disable();

        http.authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
        http.headers()
                .xssProtection().and()
                .cacheControl().and()
                .httpStrictTransportSecurity().and()
                .frameOptions();

这是我的错误enter image description here

的屏幕截图

我还想念什么?

修改

我已将我的cors配置更新为以下

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Enumeration;

    @Component
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public class CorsFilter implements Filter {

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");

            request.getHeaderNames();

            if(request.getMethod().equalsIgnoreCase("OPTIONS")) {
            } else {
                chain.doFilter(req, res);
            }

            //chain.doFilter(req, res);
        }

        @Override
        public void init(FilterConfig filterConfig) {
        }

        @Override
        public void destroy() {
        }

    }

然而,响应现在就像这样

enter image description here

对于此应用程序调用/ oauth / token所需的authorization_token无响应

1 个答案:

答案 0 :(得分:0)

根据this post,您需要进行两项更改:

  1. 通过添加import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; @Component @Order(Ordered.HIGHEST_PRECEDENCE) class CorsFilter implements Filter { 注释,确保在Spring Security过滤器之前加载过滤器。

    if(request.getHeader("request").equalsIgnoreCase("options")) {
    // ...
} else {
    chain.doFilter(req, res);
}

  2. 您应该破坏OPTION请求方法的过滤器链。

    Access-Control-Allow-Origin

    3. 此外,我不太明白为什么你在if语句中设置periodInMinutes标题,因为你在条件之前这样做了。

相关问题
最新问题