Spring security中跨域配置

  • A+
所属分类:Spring Security

在Spring security中,只配置下面的代码是不会生效的

  1. import org.springframework.context.annotation.Bean;
  2. import org.springframework.context.annotation.Configuration;
  3. import org.springframework.web.cors.CorsConfiguration;
  4. import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
  5. import org.springframework.web.filter.CorsFilter;
  6. @Configuration
  7. public class CorsConfig {
  8. private CorsConfiguration buildConfig() {
  9. CorsConfiguration corsConfiguration = new CorsConfiguration();
  10. corsConfiguration.addAllowedOrigin("*"); // 1允许任何域名使用
  11. corsConfiguration.addAllowedHeader("*"); // 2允许任何头
  12. corsConfiguration.addAllowedMethod("*"); // 3允许任何方法(post、get等)
  13. return corsConfiguration;
  14. }
  15. @Bean
  16. public CorsFilter corsFilter() {
  17. UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  18. source.registerCorsConfiguration("/**", buildConfig()); // 4
  19. return new CorsFilter(source);
  20. }
  21. }
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class CorsConfig {  
    private CorsConfiguration buildConfig() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();  
        corsConfiguration.addAllowedOrigin("*"); // 1允许任何域名使用
        corsConfiguration.addAllowedHeader("*"); // 2允许任何头
        corsConfiguration.addAllowedMethod("*"); // 3允许任何方法(post、get等) 
        return corsConfiguration;  
    }  
  
    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", buildConfig()); // 4  
        return new CorsFilter(source);
    }  
}

还需要另外在WebSecurityConfigurerAdapter的继承类的configure(HttpSecurity http)方法中配置cors,如下:

http.cors()

把上面两种配置都加上后跨域问题解决。