CORS Spring安全Oauth2
CORS Spring安全Oauth2
提问于 2019-10-11 17:30:56
我有关于CORS Spring Security Oauth2的问题。
这是我的班级CustomAuthenProvider.java
@Component
public class CustomAuthenProvider implements AuthenticationProvider {
private static final Logger logger = LogManager.getLogger(CustomAuthenProvider.class);
@Autowired(required = false)
private HttpServletRequest request;
@Autowired
private LdapService ldapService;
@Value("${key.twofactor}")
private String key;
@Override
public Authentication authenticate(Authentication authentication) {
boolean authorizeLdap = ldapService.authorizeLDAP(authentication.getName(),
authentication.getCredentials().toString());
Totp totp = new Totp(key);
if (!authorizeLdap || !totp.verify(request.getParameter(Constant.OTP))) {
logger.info("Login Fail");
return null;
}
Authentication auth = new UsernamePasswordAuthenticationToken(authentication.getName(),
authentication.getCredentials().toString(), getAuthorityAdmin());
return auth;
}
private List<SimpleGrantedAuthority> getAuthorityAdmin() {
return Arrays.asList(new SimpleGrantedAuthority("ROLE_ADMIN"));
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}这是我的班级SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenProvider customAuthenProvider;
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthenProvider);
}
@SuppressWarnings("deprecation") // For NoOpPasswordEncoder
// Using NoOpPasswordEncoder for simplicity's sake
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().anonymous().disable().authorizeRequests()
.antMatchers("/api-docs/**").permitAll();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration
.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}我使用Angular 7作为前端。
当调用API 192.168.0.109:8182/oauth/token时,显示错误:
2zone-evergreen.js:2952 OPTIONS http://192.168.0.109:8182/oauth/token 401
Access to XMLHttpRequest at 'http://192.168.0.109:8182/oauth/token' from origin 'http://192.168.0.113:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.我不知道为什么会出现未经授权的消息。
有人能帮我吗?
提前谢谢。:)
回答 1
Stack Overflow用户
发布于 2019-10-11 21:11:31
modify as below and try
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().anonymous().disable().authorizeRequests()
.antMatchers("/api/auth/**")
.permitAll()
.antMatchers(HttpMethod.GET, "/api/**", "/api/**")
.permitAll();
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/58338306
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号