Spring CorsFilter似乎在预检请求中仍然收到401仍然无法正常工作
嗨,我是Spring
Security的新手,正在尝试弄清楚如何配置身份验证服务器以颁发令牌。我现在遇到的问题是,我在Cors预检请求中收到401或403,不确定下面如何解决是基于一些教程的准系统实现
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
http://www.baeldung.com/spring-security-oauth-
jwt
@Configuration@EnableWebSecurity
@EnableGlobalMethodSecurity
@PropertySource(value = "classpath:oauth.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserRepository userRepository;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
}
@Autowired
ObjectMapper mapper;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().antMatchers(HttpMethod.OPTIONS,"/oauth/token").permitAll()
.anyRequest().authenticated();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().
withUser("john").password("123").roles("USER").
and().
withUser("tom").password("111").roles("ADMIN");
}
@Bean
public FilterRegistrationBean corsFilter() {
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter2());
bean.setOrder(0);
return bean;
}
}
@Configuration
@EnableAuthorizationServer
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter{
@Autowired
private Environment env;
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer){
oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception{
clients.inMemory().withClient("acme").secret("acmesecret").authorizedGrantTypes("authorization_code", "refresh_token",
"password").scopes("openId");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints){
final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(),accessTokenConverter()));
endpoints.tokenStore(tokenStore())
.tokenEnhancer(tokenEnhancerChain)
.authenticationManager(authenticationManager);
}
@Bean
public JwtAccessTokenConverter accessTokenConverter(){
final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
return converter;
}
@Bean
public TokenStore tokenStore(){
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public FilterRegistrationBean corsFilter() {
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter2());
bean.setOrder(0);
return bean;
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}
}
CorsFilter2是在春季4.2中引入的spring cors过滤器,当时我正在使用它来插入适当的响应头以发送回客户端。
回答:
所以我想出了我必须配置网络安全性以忽略CoresRequest请求的问题,因此在配置网络安全性的configure块中,我必须对此进行设置
web.ignoring().requestMatchers(CorsUtils::isPreFlightRequest);它开始工作。
以上是 Spring CorsFilter似乎在预检请求中仍然收到401仍然无法正常工作 的全部内容, 来源链接: utcz.com/qa/403903.html
