SpringBoot2.0+SpringSecurity+Oauth2获取AccessToken跨域CORS访问终极解决方案

今天在搭建项目的时候遇到了Oauth2获取AccessToken跨域访问的问题,之前关于这块都是自己去实现,这次打算用Oauth2来集成SpringBoot。项目依赖如下:

<dependency>
     <groupId>org.springframework.security.oauth</groupId>
     <artifactId>spring-security-oauth2</artifactId>
<version>2.2.1.RELEASE</version>
</dependency>


<dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-oauth2-client</artifactId>
</dependency>

项目搭建好后用PostMan测试一切正常,发布到测试环境后前端的伙伴去调用的时候发现存在跨域问题,自己也写一个Ajax的案例测试了下确实存在跨域问题,首先想到的是通过配置HttpSecurity去解决:

 http
	.cors()
	.and()
	.csrf().disable();

配置如上,但是发现还是不行,最后又在网上找资料,发现说这么配置可以:

http.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll();

试了之后发现也不行,最后通过跟踪/access/token的源码,采用了这种方式:

package com.xz.process.config;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;


@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
public class CORSFilter implements Filter {
 
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
 
    }
 
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("Access-Control-Allow-Origin","*");
        response.setHeader("Access-Control-Allow-Credentials","true");
        response.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,PUT,DELETE,PATCH,HEAD");
        response.setHeader("Access-Control-Allow-Max-Age","3600");
        response.setHeader("Access-Control-Allow-Headers","*");
        if("OPTIONS".equalsIgnoreCase(request.getMethod())){
            response.setStatus(HttpServletResponse.SC_OK);
        }else{
            filterChain.doFilter(servletRequest,servletResponse);
        }
    }
 
    @Override
    public void destroy() {
 
    }
}

问题解决。

有问题的在下方评论,技术问题可以私聊我。

评论 7
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值