一尘不染

如何在Spring Boot中以Spring Security级别启用CORS

spring-boot

我正在使用使用Spring Security的Spring Boot应用程序。我尝试了@CrossOrigin来启用cors,但是没有用。

Spring Blogs说,当我们使用 Spring Security时 ,必须 在spring安全级别启用cors

我的项目在下面。

谁能解释我应该将那些配置放在哪里以及如何找到spring安全级别。


阅读 510

收藏
2020-05-30

共1个答案

一尘不染

这是一种使Spring Security 4.1通过Spring BOOT 1.5支持CROS的方法

  @Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
           .allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");
    }
}

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        http.csrf().disable();
        http.cors();
    }
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        final CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(ImmutableList.of("*"));
        configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
        configuration.setAllowCredentials(true);
        configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
2020-05-30