今天在搭建项目的时候遇到了Oauth2获取AccessToken跨域访问的问题,之前关于这块都是自己去实现,这次打算用Oauth2来集成SpringBoot。项目依赖如下:
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.2.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
项目搭建好后用PostMan测试一切正常,发布到测试环境后前端的伙伴去调用的时候发现存在跨域问题,自己也写一个Ajax的案例测试了下确实存在跨域问题,首先想到的是通过配置HttpSecurity去解决:
http
.cors()
.and()
.csrf().disable();
配置如上,但是发现还是不行,最后又在网上找资料,发现说这么配置可以:
http.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll();
试了之后发现也不行,最后通过跟踪/access/token的源码,采用了这种方式:
package com.xz.process.config;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
public class CORSFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin","*");
response.setHeader("Access-Control-Allow-Credentials","true");
response.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,PUT,DELETE,PATCH,HEAD");
response.setHeader("Access-Control-Allow-Max-Age","3600");
response.setHeader("Access-Control-Allow-Headers","*");
if("OPTIONS".equalsIgnoreCase(request.getMethod())){
response.setStatus(HttpServletResponse.SC_OK);
}else{
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void destroy() {
}
}
问题解决。
有问题的在下方评论,技术问题可以私聊我。