Question

我是角度和弹簧安全的新手。当尝试使用基本身份验证从角度登录表单页面登录到其余端点时，我遇到CORS问题。我的Angular代码在http://localhost:4200上运行，其余结束点在http://localhost:8181上。我的角度登录表单尝试向我在登录控制器中指定的http://localhost:8181/token发出请求。即使我在服务器端添加了cors配置，我也会收到此错误： -

无法加载http://localhost:8181/token：对预检请求的响应未通过访问控制检查：请求的资源上没有“Access-Control-Allow-Origin”标头。因此，不允许原点“http://localhost:4200”访问。响应的HTTP状态代码为403。

（angular）login.service.ts： -

cat <file_name>

}

（spring）SecurityConfig.java

@Injectable()
export class LoginService {
  constructor(private http: Http) {}

  sendCredential(username: string, password: string) {
    const url = 'http://localhost:8181/token';
    const encodedCredential = username + ':' + password;
    const basicHeader = 'Basic ' + btoa(encodedCredential);
    const headers = new Headers();
    headers.append('Content-Type', 'application/x-wwww-form-urlencoded');
    headers.append('Authorization' ,  basicHeader);
    const opts = new RequestOptions({headers: headers});
    return this.http.get(url, opts);
  }

LoginController.java

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

private static final String[] PUBLIC_MATCHERS = {
            "/css/**",
            "/js/**",
            "/image/**",
            "/book/**",
            "/user/**"
    };

@Override
    protected void configure(HttpSecurity http) throws Exception{
        http
                .cors().and()
                .csrf().disable()
                .httpBasic()
                .and()
                .authorizeRequests()
                .antMatchers(PUBLIC_MATCHERS)
                .permitAll()
                .anyRequest()
                .authenticated();
    }
 @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST","DELETE","PUT","OPTIONS"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
    }

Answer 1

尝试此配置。它应该适合你。

@Bean
CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "DELETE", "PUT", "PATCH"));
        configuration.setAllowedHeaders(Arrays.asList("X-Requested-With", "Origin", "Content-Type", "Accept", "Authorization"));
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

因为您正在使用spring security / authentication。你应该使用setAllowCredentials（true）。

Answer 2

使用

@CrossOrigin("http://your-foreign-site/")
@RequestMapping("/token")

代替。

Answer 3

我被这个问题困扰了2天，在@CrossOrigin("*")中添加controller解决了我的问题。

注意：您可以将origin address代替*

Answer 4

控制器内的

使用.properties文件中的值

@Value（＆＃34; $ {cors.site.enable}＆＃34）私人字符串网站;

使用@crossOrigin（site）

Answer 5

添加

<mvc:cors>
    <mvc:mapping path="/**" />
</mvc:cors>

到web.xml以允许来自所有主机的连接

原产地：https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

spring CORS和angular not working：HTTP状态码403错误

5 个答案: