我有一個Spring啓動應用程序,具有Oauth認證和資源服務器以及一個單一的應用程序。我有一個單獨的服務器上的前端,從一個單獨的位置。我的前端應用程序似乎並沒有進行預檢操作到後端,它總是與401迴應我的配置看起來爲如下:Spring security,OAUTH Cors,選項
// ... annotations
public class OAuthConfig extends WebSecurityConfigurerAdapter {
// ... authencication providers
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/", "/*.html", "layout/**", "/js/**", "/css/**", "/images/**", "/font/**",
"/signup", "/register",
"/oauth/**")
.permitAll()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/oauth/**").permitAll()
;
// @formatter:on
}
// ... beans
}
注意,我不得不添加例外靜態內容爲好,因爲儘管有任何文件,但它似乎沒有以其他方式工作。
// ... annotations
public class MvcConfig extends WebMvcConfigurerAdapter {
// ... resource resolver, view resolver
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
}
我試圖指定更明確,但沒有成功,以及:
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/**").allowedMethods("GET","POST","OPTIONS","DELETE","UPDATE");
registry.addMapping("/register");
registry.addMapping("/signup");
registry.addMapping("/oauth/**").allowedMethods("GET","POST","OPTIONS");
}
//... annotations
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
// ... resource id config
@Override
public void configure(HttpSecurity http) throws Exception {
//@formatter:off
http
.anonymous().disable()
.requestMatchers()
.antMatchers("/api/**")
.and()
.authorizeRequests()
.antMatchers("/api/**").authenticated()
.and()
.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
//@formatter:on
}
}
在這一點上我無法弄清楚,如果我錯過了什麼重要配置,以通過認證端點(以及API端點的其他部分)實現CORS