I am using Easy UI + Spring Security + Spring Boot.
After adding the OAuth2 settings to the project and reloading the web page, I get:
Refused to display 'http://localhost:8080/vehicle/admin/index' in a frame because it set 'X-Frame-Options' to 'DENY'.
I know this is because of the Spring Security frame options,
but whether I set the option to SAMEORIGIN or DISABLE, it still does not work.
My WebSecurityAdapter configure method is:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers().frameOptions().sameOrigin().and()
            .csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
            .antMatchers("/oauth/token").permitAll();
    }
Update:
I tried multiple http configurations, but it still does not work.
Code:
    @Configuration
    @Order(1)
    public class TokenWebConfiguration extends WebSecurityConfigurerAdapter {
        @Autowired
        private CustomAuthenticationProvider authProvider;

        @Autowired
        private ClientDetailsService clientDetailsService;

        @Autowired
        public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(authProvider);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .anonymous().disable()
                .authorizeRequests()
                .antMatchers("/oauth/token").permitAll();
        }
    }

    @Configuration
    @Order(2)
    public class CommonWebConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/admin/**")
                .headers().frameOptions().sameOrigin();
        }
    }
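
Added example, not part of the original post: Spring Security hands each request to the first filter chain whose matcher accepts it, and a `WebSecurityConfigurerAdapter` without `antMatcher(...)` or `requestMatchers()` accepts every request, so an unscoped `@Order(1)` chain also serves `/admin/**` and writes the default `X-Frame-Options: DENY`. The sketch below scopes the first chain to the token endpoint so the second chain is reachable; the outer class name `MultiChainSecurityConfig` is hypothetical, and the post's `CustomAuthenticationProvider` wiring is left out and assumed unchanged.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical holder class; each nested adapter produces one filter chain.
@EnableWebSecurity
public class MultiChainSecurityConfig {

    // Chain 1: limited to /oauth/token by antMatcher(), so it no longer
    // matches /admin/** and no longer applies its default headers there.
    @Configuration
    @Order(1)
    public static class TokenWebConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/oauth/token")   // scope of this chain
                .csrf().disable()
                .anonymous().disable()
                .authorizeRequests()
                    .antMatchers("/oauth/token").permitAll();
        }
    }

    // Chain 2: now reached for /admin/**. SAMEORIGIN still blocks framing by
    // other origins, which keeps clickjacking protection that
    // frameOptions().disable() would remove.
    @Configuration
    @Order(2)
    public static class CommonWebConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/admin/**")      // scope of this chain
                .headers().frameOptions().sameOrigin();
        }
    }
}
```

To confirm which chain served a request, inspect the response headers of the framed URL and check that `X-Frame-Options` reads `SAMEORIGIN` rather than `DENY`.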