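When I add org.springframework.web.filter.DelegatingFilterProxy to web.xml, I cannot access the Spring API from the Angular UI, but when I remove it, I can. (I can still access the API and get a response in Postman using basic authentication.) I have added a custom filter. The configuration is given below.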
Web.xml
<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>com.config.CustomFilter</filter-class>
</filter>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
CustomFilter class
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

public class CustomFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        // CORS headers are set on every response, then the request continues down the chain
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers",
                "authorization, content-type, xsrf-token, Cache-Control, remember-me, WWW-Authenticate");
        response.addHeader("Access-Control-Expose-Headers", "xsrf-token");
        chain.doFilter(request, response);
    }

    public void destroy() {}
}
API call request from Angular
getMenu() {
    const endpoint = 'http://localhost:8080/getAllProducts';
    const headers = new HttpHeaders({Authorization: 'Basic ' + btoa('******@gmail.com:*****')});
    return this.http.get<any>(endpoint, {headers});
}
ApplicationContext.xml for Spring Security
<!-- Spring - Security Purpose -->
<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/index/**"
        access="permitAll" />
    <security:intercept-url pattern="/index1/**"
        access="permitAll" />
    <security:intercept-url pattern="/cart/**"
        access="permitAll" />
    <security:intercept-url pattern="/get*/**"
        access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
    <security:intercept-url pattern="/admin*/**"
        access="hasRole('ROLE_ADMIN')" />
    <security:form-login login-page="/login"
        authentication-failure-url="/login?error" default-target-url="/index1"
        username-parameter="j_username"
        password-parameter="j_password" />
    <security:logout logout-success-url="/login?logout" />
</security:http>
<security:authentication-manager>
    <security:authentication-provider>
        <!-- <security:user-service> -->
        <!-- <security:user name="ismail@gmail.com" password="12345" -->
        <!-- authorities="ROLE_USER" /> -->
        <!-- <security:user name="ajmal@gmail.com" password="54321" -->
        <!-- authorities="ROLE_ADMIN" /> -->
        <!-- </security:user-service> -->
        <security:jdbc-user-service
            data-source-ref="dataSource"
            authorities-by-username-query="SELECT
            emailId,authorities FROM authorities WHERE emailId =?"
            users-by-username-query="SELECT
            emailId, password, enabled FROM users WHERE emailId=? " />
    </security:authentication-provider>
</security:authentication-manager>
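Access to XMLHttpRequest at 'http://localhost:8080/getAllProducts' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.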
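
The following is an added example, not code from the original post or its project. The browser sends the OPTIONS preflight without the Authorization header, so with the configuration above it passes through CustomFilter into springSecurityFilterChain, matches /get*/**, and is redirected to /login by form-login. One way to avoid that is a CORS filter, kept first in the web.xml filter-mapping order, that answers the preflight itself and only reflects an allowlisted origin. The class name PreflightAwareCorsFilter, the javax.servlet namespace, and the allowlist (the origin from the error message) are assumptions.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical replacement for com.config.CustomFilter; must stay mapped before springSecurityFilterChain.
public class PreflightAwareCorsFilter extends OncePerRequestFilter {

    // Assumption: the Angular dev origin taken from the error message on this page.
    private static final Set<String> ALLOWED_ORIGINS =
            Collections.singleton("http://localhost:4200");

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String origin = request.getHeader("Origin");
        boolean allowed = origin != null && ALLOWED_ORIGINS.contains(origin);
        if (allowed) {
            // Reflect only allowlisted origins instead of "*"; Vary keeps caches from mixing origins.
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.addHeader("Vary", "Origin");
            response.setHeader("Access-Control-Expose-Headers", "xsrf-token");
        }

        // A CORS preflight is an OPTIONS request that carries Access-Control-Request-Method.
        boolean preflight = "OPTIONS".equalsIgnoreCase(request.getMethod())
                && request.getHeader("Access-Control-Request-Method") != null;
        if (preflight) {
            if (allowed) {
                response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
                response.setHeader("Access-Control-Allow-Headers",
                        "authorization, content-type, xsrf-token, Cache-Control, remember-me");
                response.setHeader("Access-Control-Max-Age", "3600");
                response.setStatus(HttpServletResponse.SC_OK);
            } else {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            }
            // Stop here: the preflight never reaches Spring Security, so no redirect to /login.
            return;
        }

        // Actual requests (carrying the Basic Authorization header) are still authenticated downstream.
        chain.doFilter(request, response);
    }
}
```

Only the preflight is answered early; the real GET to /getAllProducts still goes through springSecurityFilterChain and the hasAnyRole check.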