如何在Spring Boot中以Spring Security级别启用CORS
我正在使用使用Spring Security的Spring Boot应用程序。我尝试了@CrossOrigin来启用cors,但是没有用。
Spring Blogs说,当我们使用 ,必须 。
我的项目在下面。
谁能解释我应该将那些配置放在哪里以及如何找到spring安全级别。
回答:
这是一种使Spring Security 4.1通过Spring BOOT 1.5支持CROS的方法
@Configurationpublic class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");
}
}
与
@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.csrf().disable();
http.cors();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(ImmutableList.of("*"));
configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
以上是 如何在Spring Boot中以Spring Security级别启用CORS 的全部内容, 来源链接: utcz.com/qa/415042.html
