具有Spring安全性的Angular 2 + CORS + Spring Boot Rest控制器

时间:2017-09-25 17:14:22

标签: spring angular spring-mvc spring-security cors

我正在使用angular2作为前端和弹簧引导控制器。在添加spring security之前,我的应用程序运行正常添加安全性后,弹簧引导控制器中不会调用带参数的函数。下面是代码

Rest Controller:
----------------
@RestController
public class JobCleanupServiceController {

    private static final Logger logger = LoggerFactory.getLogger(JobCleanupServiceController.class);
   @Autowired
   JobCleanupDAO dao;

    @CrossOrigin(origins = "http://localhost:4200")
    @RequestMapping("/jobcleanup")

    public Collection<JobCleanup> index(@RequestBody String owner) {

        logger.info("Display All Jobs"+ owner);
        return dao.findAll(owner);

    }


    @CrossOrigin(origins = "http://localhost:4200")
    @RequestMapping("/jobcleanupclosedtickets")

    public JobCleanupMetrics getJobCleanupClosedTickets()
    {
        logger.info("JobCleanupMetrics getJobCleanupClosedTickets ");
        return dao.getJobCleanupClosedTickets();
    }



    @CrossOrigin(origins = "http://localhost:4200")
    @RequestMapping("/jobcleanuplinechartdata")
    public JobCleanupChart getJobCleanupLineChartData(@RequestBody String  owner){
        return dao.getJobCleanupLineChartData(owner);
    }

WebConfig.java
-------------

@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**");
    }
}

SecurityConfig.java 

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors();
        http.authorizeRequests()
                    .antMatchers(
                            "/jobcleanup",
                            "/jobcleanupclosedtickets",
                            "/jobcleanuplinechartdata"
                    ).permitAll();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        final CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("*"));
        configuration.setAllowCredentials(true);
        configuration.setAllowedHeaders(Arrays.asList("*"));
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

在我输入http://localhost:4200之前添加spring security之前,所有这些都被称为“/ jobcleanup”,   “/ jobcleanupclosedtickets”  “/ jobcleanuplinechartdata”。添加spring security之后只调用“/ jobcleanupclosedtickets”,其他方法都没有被调用。 除了“/ jobcleanupclosedtickets”之外,其他方法都有请求体。

有人可以帮我解决这个问题吗?

1 个答案:

答案 0 :(得分:1)

更新了SecurityConfig.java,如下所示。默认情况下,在spring security中启用csrf。

 @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {

    http.csrf().disable();
    http.cors();

        }

        @Bean
        public CorsConfigurationSource corsConfigurationSource() {
            final CorsConfiguration configuration = new CorsConfiguration();
            configuration.setAllowedOrigins(Arrays.asList("*"));
            configuration.setAllowedMethods(Arrays.asList("*"));
            configuration.setAllowCredentials(true);
            configuration.setAllowedHeaders(Arrays.asList("*"));
            final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/**", configuration);
            return source;
        }
    }
相关问题
最新问题