Satoken,Springsecurity均可生效,已测试
具体原因是跨域过滤器优先级过低,还没有走到跨域配置的filter就被前面的filter打回了,具体可以给过滤器链打断点查看自己的filter是否生效。
使用如下代码setOrder提升过滤器优先级即可,在使用springsecurity时发现不setName无法添加到过滤器链中,请同时按照代码中set一个name
Kotlin:
import org.springframework.boot.web.servlet.FilterRegistrationBean
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
import org.springframework.web.filter.CorsFilter
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
@Configuration
class CorsConfig : WebMvcConfigurer {
@Bean
fun filterRegistrationBean(): FilterRegistrationBean<*>? {
val corsConfiguration = CorsConfiguration()
//1.允许任何来源
corsConfiguration.addAllowedOriginPattern("*");
//2.允许任何请求头
corsConfiguration.addAllowedHeader(CorsConfiguration.ALL)
//3.允许任何方法
corsConfiguration.addAllowedMethod(CorsConfiguration.ALL)
//4.允许凭证
corsConfiguration.allowCredentials = true
val source = UrlBasedCorsConfigurationSource()
source.registerCorsConfiguration("/**", corsConfiguration)
val corsFilter = CorsFilter(source)
val filterRegistrationBean = FilterRegistrationBean(corsFilter)
filterRegistrationBean.setName("myCorsFilter")
filterRegistrationBean.order = -101
return filterRegistrationBean
}
}
Java:
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Bean
public FilterRegistrationBean<CorsFilter> filterRegistrationBean() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
// 1.允许任何来源
corsConfiguration.addAllowedOriginPattern("*");
// 2.允许任何请求头
corsConfiguration.addAllowedHeader(CorsConfiguration.ALL);
// 3.允许任何方法
corsConfiguration.addAllowedMethod(CorsConfiguration.ALL);
// 4.允许凭证
corsConfiguration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfiguration);
CorsFilter corsFilter = new CorsFilter(source);
FilterRegistrationBean<CorsFilter> filterRegistrationBean = new FilterRegistrationBean<>(corsFilter);
filterRegistrationBean.setName("myCorsFilter");
filterRegistrationBean.setOrder(-101);
return filterRegistrationBean;
}
}