forked from gushen/sunway-user-system
解决了除GET方法外的跨域问题,重写了spring security 配置文件
@@ -27,7 +27,7 @@ public class CorsConfig {
|
|||||||
config.addAllowedHeader("*");
|
config.addAllowedHeader("*");
|
||||||
|
|
||||||
// 允许的请求方法
|
// 允许的请求方法
|
||||||
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
|
config.addAllowedMethod("*");
|
||||||
|
|
||||||
// 允许发送Cookie
|
// 允许发送Cookie
|
||||||
config.setAllowCredentials(true);
|
config.setAllowCredentials(true);
|
||||||
|
|||||||
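Review bot: `config.addAllowedMethod("*")` opens this configuration to every HTTP verb while `config.setAllowCredentials(true)` stays on, yet the `corsConfigurationSource()` bean added to SecurityConfig in this same commit keeps the explicit five-method list. Assuming the second printed line is the new side, the wildcard is probably not what fixed the non-GET failures; the old security chain used `applyPermitDefaultValues()`, which only permits GET, HEAD and POST. Keep `config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));` here, or remove this configuration so the CORS policy lives in one place. The method continues outside the hunk, so the origins allowed by this class cannot be checked from here.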
@@ -6,6 +6,11 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
import org.springframework.web.cors.CorsConfiguration;
|
||||||
|
import org.springframework.web.cors.CorsConfigurationSource;
|
||||||
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@@ -14,20 +19,33 @@ public class SecurityConfig {
|
|||||||
@Bean
|
@Bean
|
||||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http
|
http
|
||||||
// 启用跨域配置
|
// 启用跨域配置
|
||||||
.cors(cors -> cors.configurationSource(request -> new org.springframework.web.cors.CorsConfiguration().applyPermitDefaultValues()))
|
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
|
||||||
// 禁用默认的登录表单和HTTP基本认证
|
// 禁用默认的登录表单和HTTP基本认证
|
||||||
.formLogin(form -> form.disable())
|
.formLogin(form -> form.disable())
|
||||||
.httpBasic(basic -> basic.disable())
|
.httpBasic(basic -> basic.disable())
|
||||||
// 允许所有请求通过,取消默认登录验证
|
// 允许所有请求通过,取消默认登录验证
|
||||||
// .authorizeHttpRequests((authz) -> authz
|
// .authorizeHttpRequests((authz) -> authz
|
||||||
// .anyRequest().permitAll()
|
// .anyRequest().permitAll()
|
||||||
// )
|
// )
|
||||||
// 禁用CSRF保护
|
// 禁用CSRF保护
|
||||||
.csrf(csrf -> csrf.disable())
|
.csrf(csrf -> csrf.disable())
|
||||||
// 设置会话创建策略为无状态
|
// 设置会话创建策略为无状态
|
||||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public CorsConfigurationSource corsConfigurationSource() {
|
||||||
|
CorsConfiguration configuration = new CorsConfiguration();
|
||||||
|
configuration.setAllowedOriginPatterns(Arrays.asList("*"));
|
||||||
|
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
|
||||||
|
configuration.setAllowedHeaders(Arrays.asList("*"));
|
||||||
|
configuration.setAllowCredentials(true);
|
||||||
|
|
||||||
|
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||||
|
source.registerCorsConfiguration("/**", configuration);
|
||||||
|
return source;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
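Review bot: `corsConfigurationSource()` pairs `configuration.setAllowedOriginPatterns(Arrays.asList("*"))` with `configuration.setAllowCredentials(true)`, so the caller's origin is echoed back in `Access-Control-Allow-Origin` and any website can send credentialed browser requests to `/**` and read the responses. The same chain has `.csrf(csrf -> csrf.disable())` and the `authorizeHttpRequests` block commented out, so nothing visible here narrows who may call the API. List the front-end origins explicitly, ideally from application configuration, e.g. `configuration.setAllowedOriginPatterns(Arrays.asList("https://frontend.example.invalid")); // placeholder origin`. If the API authenticates with a header token rather than cookies, which the `STATELESS` session policy suggests but does not prove, drop `setAllowCredentials(true)` instead.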
@@ -28,6 +28,7 @@ import java.util.Map;
|
|||||||
@RestController
|
@RestController
|
||||||
@RequestMapping("/user")
|
@RequestMapping("/user")
|
||||||
@Slf4j
|
@Slf4j
|
||||||
|
@CrossOrigin
|
||||||
public class UserController {
|
public class UserController {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
|
|||||||
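Review bot: A bare `@CrossOrigin` on `UserController` permits all origins by default and adds a third CORS definition next to CorsConfig and the `corsConfigurationSource()` bean, which makes the effective policy hard to audit. Since the security chain already registers a policy for `/**`, the annotation looks redundant, though that is inferred because the rest of the controller lies outside the hunk. Remove it, or pin it with `@CrossOrigin(origins = "https://frontend.example.invalid")` (placeholder origin) if this controller really needs its own rule.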