我正在使用keycloak來確保我的休息服務。我指的是給出的教程here。我創造了休息和前端。現在,當我在後端添加keycloak時,當我的前端進行api調用時,出現CORS錯誤。keycloak CORS過濾器彈簧靴
春季啓動Application.java文件看起來是我打電話
@RestController
public class SampleController {
@RequestMapping(value ="/api/getSample",method=RequestMethod.GET)
public string home() {
return new string("demo");
}
}
在application.properties文件看起來像
keycloak.realm = demo
keycloak.auth-server-url = http://localhost:8080/auth
keycloak.ssl-required = external
keycloak.resource = tutorial-backend
keycloak.bearer-only = true
keycloak.credentials.secret = 123123-1231231-123123-1231
keycloak.cors = true
keycloak.securityConstraints[0].securityCollections[0].name = spring secured api
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[0].authRoles[1] = user
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /api/*
樣本REST API像
@SpringBootApplication
public class Application
{
public static void main(String[] args)
{
SpringApplication.run(Application.class, args);
}
@Bean
public WebMvcConfigurer corsConfiguration() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/*")
.allowedMethods(HttpMethod.GET.toString(), HttpMethod.POST.toString(),
HttpMethod.PUT.toString(), HttpMethod.DELETE.toString(), HttpMethod.OPTIONS.toString())
.allowedOrigins("*");
}
};
}
}
的keycloak性質
前端keycloak.json屬性包括
{
"realm": "demo",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "tutorial-frontend",
"public-client": true
}
的CORS錯誤,我得到
XMLHttpRequest cannot load http://localhost:8090/api/getSample. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 401.
你可能更喜歡問一個具體的問題。否則,您可能會得到對您而言無效的解決方案。 – Alexander
你能提供整個堆棧跟蹤嗎? –
服務器端沒有錯誤。因此沒有堆棧跟蹤。當我的angularJS應用程序讓剩下的電話打到客戶端時出錯,我在瀏覽器控制檯 – krs8888