我的过滤器有以下配置。向OPTIONS提出CORS请求时,localhost:8080/oauth/token请求似乎无法通过。
@Bean
public FilterRegistrationBean corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*"); // @Value: http://localhost:8080
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(-1);
return bean;
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.csrf().disable().authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll().antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
}
我在配置中遗漏了什么?
答案 0 :(得分:2)
问题是过滤器的顺序应该设置为这样:
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);