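Google OAuth2: No 'Access-Control-Allow-Origin' header is present

Time: 2019-09-13 22:01:12

Tags: java spring spring-security cors

I have a project built with Java (Spring) + JS (React). I implemented authorization through Google OAuth2. On localhost my code works fine, but when I upload the site to the Heroku cloud, I get the following exception.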

  

Access to resource at 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id={MyClientId}.apps.googleusercontent.com&scope=email%20profile&state=cidgievLEUhHBkHigTnGp6IfXkWRiG_eN_OL8EESnMA%3D&redirect_uri=https://my-app.herokuapp.com/oauth2/callback/google' (redirected from '{{3}') 'https://my-app.herokuapp.com/manifest.json' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How I call this authorization on the JS side >>>

      onGoogleSignUpClick = () => {
        window.location.href =
          "https://my-app.herokuapp.com/oauth2/authorize/google?redirect_uri=https://my-app.herokuapp.com/oauth2/redirect";
      };

      <button
        className="google-btn"
        onClick={this.onGoogleSignUpClick}
      >
      </button>

My security configuration class on the Java side >>>

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        securedEnabled = true,
        jsr250Enabled = true,
        prePostEnabled = true
)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Autowired
    private CustomOAuth2UserService customOAuth2UserService;

    @Autowired
    private OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;

    @Autowired
    private OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler;

    @Autowired
    private HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;

    @Bean
    public TokenAuthenticationFilter tokenAuthenticationFilter() {
        return new TokenAuthenticationFilter();
    }

    @Bean
    public HttpCookieOAuth2AuthorizationRequestRepository cookieAuthorizationRequestRepository() {
        return new HttpCookieOAuth2AuthorizationRequestRepository();
    }

    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .formLogin()
                .disable()
                .httpBasic()
                .disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests().antMatchers(
                "/",
                "/error",
                "/favicon.ico",
                "/**/*.png",
                "/**/*.gif",
                "/**/*.svg",
                "/**/*.jpg",
                "/**/*.html",
                "/**/*.css",
                "/**/*.js"
                ).permitAll()
                .antMatchers("/profile/**","/post/**","/followers/**","/auth/**","/oauth2/**","/ws/**").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .oauth2Login()
                    .authorizationEndpoint()
                    .baseUri("/oauth2/authorize")
                    .authorizationRequestRepository(cookieAuthorizationRequestRepository())
                .and()
                    .redirectionEndpoint()
                    .baseUri("/oauth2/callback/*")
                .and()
                    .userInfoEndpoint()
                    .userService(customOAuth2UserService)
                .and()
                .successHandler(oAuth2AuthenticationSuccessHandler)
                .failureHandler(oAuth2AuthenticationFailureHandler);

        http
                .addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}

I also have a WebMvcConfig class >>>

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    private final long MAX_AGE_SECS = 3600;

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
                .allowedHeaders("*")
                .allowCredentials(true)
                .maxAge(MAX_AGE_SECS);
    }
}

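Thank you very much for your help.

1 answer:

Answer 0: (score: 0)

I think you are missing the authorized domain in the OAuth2 client creation. You need to authorize your domain as follows.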

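The CORS error quoted in the question names /manifest.json, and the permitAll() list in the posted SecurityConfig has no pattern for .json files. The following is an added example, not code from the question or the answer: it checks which request paths the posted patterns leave to anyRequest().authenticated(). The sample paths are constructed, and using Spring's AntPathMatcher directly as a stand-in for the security matchers is an assumption.

```java
import org.springframework.util.AntPathMatcher;

import java.util.Arrays;
import java.util.List;

public class PermitAllCoverageCheck {

    // Patterns copied from the permitAll() matchers in the posted SecurityConfig.
    static final List<String> PERMIT_ALL = Arrays.asList(
            "/", "/error", "/favicon.ico",
            "/**/*.png", "/**/*.gif", "/**/*.svg", "/**/*.jpg",
            "/**/*.html", "/**/*.css", "/**/*.js",
            "/profile/**", "/post/**", "/followers/**",
            "/auth/**", "/oauth2/**", "/ws/**");

    // Constructed sample paths: typical files of a React build plus the login entry point.
    static final List<String> SAMPLE_PATHS = Arrays.asList(
            "/", "/index.html", "/static/js/main.js", "/static/css/main.css",
            "/favicon.ico", "/manifest.json", "/oauth2/authorize/google");

    static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Returns the first permitAll pattern that matches the path, or null if none does.
    static String firstMatch(String path) {
        for (String pattern : PERMIT_ALL) {
            if (MATCHER.match(pattern, path)) {
                return pattern;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        for (String path : SAMPLE_PATHS) {
            String pattern = firstMatch(path);
            String outcome = (pattern != null)
                    ? "permitAll via " + pattern
                    : "falls through to anyRequest().authenticated()";
            System.out.printf("%-28s %s%n", path, outcome);
        }
    }
}
```

Any path reported as falling through needs its own permitAll() pattern if the browser must be able to fetch it before login.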