CORS过滤器不适用于spring oauth / token

时间:2017-09-14 11:47:11

标签: spring-boot cors

我的过滤器有以下配置。向OPTIONS提出CORS请求时,localhost:8080/oauth/token请求似乎无法通过。

@Bean
  public FilterRegistrationBean corsFilter() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*"); // @Value: http://localhost:8080
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
    bean.setOrder(-1);
    return bean;
  }

@Override
protected void configure(HttpSecurity http) throws Exception{
    http.csrf().disable().authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll().antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
}

我在配置中遗漏了什么?

1 个答案:

答案 0 :(得分:2)

问题是过滤器的顺序应该设置为这样:

   bean.setOrder(Ordered.HIGHEST_PRECEDENCE);