当我用nginx正向代理前台到后端服务时,浏览器报了CROS的错误,我就纳闷了,我后台配置了跨域啊
package com.hongseng.app.config.webmvc;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
/**
* 类功能描述: CorsConfig
*
* @author Eternal
* @date 2019-11-26 15:11
*/
@Configuration
public class WebMvcConfig extends WebMvcConfigurationSupport {
@Value("${spring.servlet.multipart.location}")
private String uploadFileUrl;
/**
* 跨域配置
*
* @param registry
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("POST", "GET", "PUT", "DELETE", "OPTIONS")
.maxAge(3600)
// 是否允许发送Cookie
.allowCredentials(true)
.allowedHeaders("*");
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
// 静态文件
registry.addResourceHandler("**").addResourceLocations("classpath:/static/");
// swagger
registry.addResourceHandler("swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/");
registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
// 上传文件
registry.addResourceHandler("/file/**").addResourceLocations("file:/" + uploadFileUrl);
}
}
难道是这个文件没起到作用?不可能啊,其他项目也是这个框架都有用啊,单独这个项目用到了springSecurity,那肯定是它的问题了
博友告知:SpringSecurity也要配置跨域
package com.hongseng.app.config.security;
import annotation.AnonymousAccess;
import com.hongseng.app.config.jwtfilter.JWTAuthorizationFilter;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
/**
* @program: spring-security
* @description:
* @author: fbl
* @create: 2020-12-01 14:40
**/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final ApplicationContext applicationContext;
SecurityConfig(ApplicationContext applicationContext){
this.applicationContext = applicationContext;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// 搜寻匿名标记 url: @AnonymousAccess
Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
Set<String> anonymousUrls = new HashSet<>();
for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethodMap.entrySet()) {
HandlerMethod handlerMethod = infoEntry.getValue();
AnonymousAccess anonymousAccess = handlerMethod.getMethodAnnotation(AnonymousAccess.class);
if (null != anonymousAccess) {
anonymousUrls.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
}
}
// 开启跨域
http.cors().and()
// 禁用 CSRF
.csrf().disable().authorizeRequests().and()
// 防止iframe 造成跨域
.headers()
.frameOptions()
.disable()
// 不创建会话
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and();
http
.authorizeRequests() // 授权配置
// 自定义匿名访问所有url放行 : 允许匿名和带权限以及登录用户访问
.antMatchers(anonymousUrls.toArray(new String[0])).permitAll()
// 阿里巴巴 druid
.antMatchers("/druid/**").permitAll()
.antMatchers("/default/**").permitAll()
.antMatchers("/").permitAll()
// swagger 文档
.antMatchers("/swagger-ui.html").permitAll()
.antMatchers("/swagger-resources/**").permitAll()
.antMatchers("swagger/**").permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers("/swagger-ui.html/*").permitAll()
.antMatchers("/swagger-resources").permitAll()
.antMatchers("/*/api-docs").permitAll()
.antMatchers("/v2/api-docs-ext").permitAll()
// 静态资源等等
.antMatchers(
HttpMethod.GET,
"/*.html",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/**/*.svg",
"/**/*.ico",
"/**/*.png",
"/**/*.jpg",
"/**/*.xlsx",
"/webSocket/**"
).permitAll()
// anyRequest 只能配置一个,多个会报错
.anyRequest().authenticated()
//其他接口需要登录后才能访问
.and()
.addFilter(new JWTAuthorizationFilter(authenticationManager()));
}
/**
* 自定义用户名和密码有2种方式,一种是在代码中写死 另一种是使用数据库
*/
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
主要是这个:
// 开启跨域
http.cors().and()