springMVC与springSecurity跨域实现
当使用springSecurity,因为springsecurity会拦截调用http请求,所以cors需要配置在springSecurity拦截器之前,如
@Override
public void configure(HttpSecurity http) throws Exception {
http.cors().configurationSource(configurationSource()).and().csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().addFilterBefore(new JWTFilter(cacheService), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout().logoutUrl("/user/logout").addLogoutHandler((q, p, a) -> cacheService.delete(LOGIN_USER + SecurityUserUtils.getCurrentUserPhoneNum()));
}
/**
* @Title: configurationSource
* @Description: 设置跨域
* @return: org.springframework.web.cors.CorsConfigurationSource
*/
private CorsConfigurationSource configurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
config.setMaxAge(3600l);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return source;
}