2
當我啓用spring-boot-starter-security依賴項時。 CORS支持不起作用。CrossOrigin註釋不適用於彈簧安全性
這是我SecurityConfiguration類:
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return authentication -> {
// ...
};
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf()
// Disabling CSRF
.disable()
// Disabling Session Management
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
// Adding custom REST Authentication filter
.addFilterBefore(new RestAuthenticationFilter(authenticationManager()), LogoutFilter.class)
// Authorizing requests
.authorizeRequests()
.antMatchers("/", "/frontend/login")
.permitAll()
.antMatchers("/api/**", "/frontend/**")
.authenticated()
.antMatchers("/**")
.permitAll();
}
}
我的控制器類有一個CrossOrigin譯註:
@CrossOrigin
@RequestMapping("/frontend")
@RestController
public class FrontEndController extends BaseController {
我可以處理自定義過濾CORS CORS但我想只使用一個Annoation。