Question

我有一个oauth2实现的休息服务器。 POSTMAN工作正常但我们的angular2客户端因为控制台上的以下原因而无法工作：

对预检请求的响应未通过访问控制检查：否请求中存在“Access-Control-Allow-Origin”标头资源。因此不允许来源“http://localhost:4200” 访问。响应的HTTP状态代码为401。

已经阅读并尝试了几个小时的问题。我们的过滤器实现如下：

@Component
public class CORSFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;

        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers");


        chain.doFilter(req, res);
    }

    public void init(FilterConfig filterConfig) {}

    public void destroy() {}

}

在Initializer类中我们如何启动它（也尝试了注释覆盖方法）

public class ZiftInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { ZiftConfiguration.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

    /*
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        registerServletFilter(servletContext, new CORSFilter());
        super.onStartup(servletContext);
    }*/


    @Override
    protected Filter[] getServletFilters() {
        Filter [] singleton = { new CORSFilter()};
        return singleton;
    }
}

最后，我们的课程扩展了WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;
    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {

        auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery("select username,password, enabled from User where username=?")
        .authoritiesByUsernameQuery("select username, role from User_Roles where username=?");


    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().anonymous().disable().authorizeRequests().antMatchers("/oauth/token").permitAll();
        http.authorizeRequests().antMatchers("/oauth/token/").permitAll();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);

        return handler;
    }

    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);

        return store; 
    }

}

可能是什么问题？甚至感谢大家阅读。

Answer 1

@Order(Ordered.HIGHEST_PRECEDENCE)

在CORSFilter Class级别使用此注释。我已经尝试了一次，现在它正常工作。

@Component @Order(Ordered.HIGHEST_PRECEDENCE) public class CORSFilter implements Filter { to do... }

Answer 2

以下是我们如何从angular2

发送帖子请求

  httpPost(uri: string, dataToSent = null, options= {} ){
    if(this.token) options['authorization'] = this.token;

    let headers = new Headers(options);
    let opt = new RequestOptions({ headers: headers});

    console.log(headers);
    return this.http.post(this.baseUri + uri, dataToSent, opt)
      .map((response: Response) => response.json())
      .catch(this.handleError);
  }




login(user: {email: string, password: string}): boolean{

    // TODO contact server to get user here
    let url = "oauth/token?grant_type=password&username=x%x&password=x";
    let encoded = btoa("x" + ":" + "x");

    let options = {
      Authorization: "Basic " + encoded,
      username: "xx",
      password: "xx",
      crossDomain: true,

    }
    console.log("logging");
    this.httpService.httpPost(url ,{},options).subscribe(
      (response) => {
        console.log(response);
        this.router.navigate(['/'+ 5, 'admin']);
      }
    );
    /*

Answer 3

以下是来自catalina.out的日志。由于某种原因，用户设置为匿名。

07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.NegatedRequestMatcher - matches = true
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Did not match
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - No matches found
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint - No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@5b00667d
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
07:25:00.633 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token']
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/oauth/token'; against '/oauth/token'
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - matched
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@af3e6d
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'GET /logout
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'POST /logout
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'PUT /logout
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'DELETE /logout
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - No matches found
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx.com&password=xx at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 89.78.223.237; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/oauth/token'; against '/oauth/token'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /oauth/token?grant_type=password&username=xx.com&password=xx; Attributes: [fullyAuthenticated]
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 89.78.223.237; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@27afca98, returned: -1
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:509)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1104)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1524)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1480)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Trying to match using Ant [pattern='/**', GET]
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'GET /**
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Did not match
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - Request not saved as configured RequestMatcher did not match
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Calling Authentication entry point.
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint - Trying to match using OrRequestMatcher [requestMatchers=[RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]]]]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.NegatedRequestMatcher - matches = true
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:25:00.639 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Did not match
07:25:00.639 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - No matches found
07:25:00.639 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint - No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@5b00667d
07:25:00.639 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

Spring Boot Oauth2，“Access-Control-Allow-Origin”错误（服务器返回401）

3 个答案: