下午好
我有一个应用程序。此应用程序使用带有spring boot和spring security的rest服务。
这是我的安全配置:
`@Configuration
@EnableWebSecurity
public class ServiceSecurity extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http)
{
try
{
http
.csrf()
.disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
http.cors();
}
catch (Exception ex)
{
Logger.getLogger(ServiceSecurity.class.getName()).log(Level.SEVERE, null, ex);
}
}
@Bean
CorsConfigurationSource corsConfigurationSource()
{
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://192.168.194.129:8080","http://192.168.193.8:8080","http://192.168.193.8:3000","http://192.168.193.6:3000"));
configuration.setAllowedMethods(Arrays.asList("GET","POST"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("cache-control","Content-Type","Access-Control-Allow-Origin","Access-Control-Allow-Headers","Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Authorization","X-Requested-With","X-Frame-Options"));
configuration.setExposedHeaders(Arrays.asList("Content-Type","Access-Control-Allow-Origin","Access-Control-Allow-Headers","Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Authorization","X-Requested-With","X-Frame-Options"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration.applyPermitDefaultValues());
return source;
}}如果我启用chrome扩展“allow cors”,那么只有在我从一个有效的url(在spring安全配置setallowedorigins中)实现请求时,我才能获得所有数据。如果我试图从另一个url获取数据,chrome控制台会显示403错误。 因此,我知道我的rest服务配置正在工作。 但是,如果关闭“allow cors”chrome extension,我会得到以下错误:Access to fetch at 'http://192.168.193.8/WebService/obtenerFertilizantes' from origin 'http://192.168.193.8:3000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://192.168.193.8:3000, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.chrome网络日志say:(failed)net::err\u获取失败 api在javascript中与fetch一起使用:config = {
method: 'GET',
crossDomain:true,
async: true,
headers: {
'Authorization': 'Basic ' + btoa(username + ":" + password),
'Content-Type': 'application/json',
'Accept': 'application/json',
"Access-Control-Allow-Methods": "POST, GET",
"Access-Control-Allow-Headers": "Content-Type, Access-Control-Allow-Origin, Authorization",
"Access-Control-Allow-Credentials":true,
"cache-control": "no-cache"
}
};
fetch("http://localhost/service/obtenerFertlizantes",config)
.then(response => response.json())
.then(responseJson => {
setDatos(responseJson);
});` 我将感谢你的帮助。
1条答案
按热度按时间7xllpg7q1#
最后,我可以解决这个问题。
api rest服务在payara服务器上。该服务器在default-web.xml配置文件中配置了一个额外的cors。
我删除了关于cors配置的行,工作正常!
我只使用spring安全配置cors。
谢谢!