在spring boot从2.2.5升级到2.5.15,同时springcloud从Hoxton.SR5升级到2020.0.5之后,任何请求都响应401未认证登录,但实际上请求带上了对应的token,是登录了的。
多次测试发现,只有在请求头加上Origin,且Origin与服务所在ip不同源时,才会出现401响应。然而正式使用中,浏览器请求均会带上Origin请求头,且请求通常是通过nginx代理或者网关等转发,Origin与服务真实所在地址是不同源的,所以无法避免,只能解决。
解决方案
添加过滤器,将响应头Access-Control-Allow-Origin设定为与请求的Origin相同,即允许该来源访问资源;将Access-Control-Allow-Credentials设定为true,即允许将携带凭证的请求的响应暴露给前端。两个属性缺一不可。注意:对任意Origin原样回写并同时允许携带凭证,相当于向所有来源开放带凭证的跨域访问,生产环境中应只对受信任的来源(白名单)回写该响应头。过滤器代码如下。
import com.alibaba.fastjson.JSON;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
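/**
 * Servlet filter that adds CORS response headers for trusted cross-origin callers and
 * answers preflight ({@code OPTIONS}) requests itself instead of passing them down the chain.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The {@code Origin} request header is caller-controlled. Echoing it back unchecked
 *       together with {@code Access-Control-Allow-Credentials: true} lets any web site read
 *       authenticated responses in the user's browser, so the header is only reflected when
 *       it matches an entry in {@link #ALLOWED_ORIGINS}.</li>
 *   <li>{@code Vary: Origin} is added because the response headers depend on the request's
 *       {@code Origin}; without it a shared cache could serve one origin's headers to another.</li>
 *   <li>The remote address and the full parameter map are no longer printed to stdout:
 *       request parameters can carry tokens or passwords and would end up in the logs.</li>
 * </ul>
 */
@WebFilter
public class CorsFilter implements Filter {

    /**
     * Origins (scheme + host + optional port, exact match) that may make credentialed
     * cross-origin requests. The entry below is a placeholder; replace it with the
     * origins of your own front ends.
     */
    private static final Set<String> ALLOWED_ORIGINS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(
                    "https://app.example.com" // placeholder, not a real deployment value
            )));

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Sets the CORS headers when the request's {@code Origin} is on the allowlist, then either
     * answers a preflight request directly or continues the filter chain.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if writing the preflight body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpServletRequest request = (HttpServletRequest) servletRequest;

        String origin = request.getHeader("Origin");

        // The headers below differ per Origin, so caches must key on it.
        response.addHeader("Vary", "Origin");

        // Reflect the Origin only for trusted callers; an unknown or missing Origin gets no
        // CORS headers, so the browser blocks the cross-origin read.
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization,token");
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }

        // Kept from the original: content type and encoding are set before the chain runs.
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding("UTF-8");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            // Preflight: answer here so it never reaches the authentication layer.
            servletResponse.getOutputStream().write("Success".getBytes(StandardCharsets.UTF_8));
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}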
成功解决401问题,完成版本升级