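Scenario: OAuth2 preflight request problem
When we build on Spring Security OAuth2, the browser sends a preflight request before the front end's real request to OAuth2. That preflight usually fails. How do we solve it?
Problem description:
OAuth2 responds with 401, and it does so no matter what CORS handling we apply. The cause is the oauth/token endpoint: the browser sends the preflight OPTIONS request without credentials, so the endpoint rejects it. There is no point in trying to get the OPTIONS request through that endpoint's checks, and we cannot turn OPTIONS off either. Users do not all use the same browser, and if something went wrong the consequences would be serious.
Solution:
We can inspect the browser's request directly and answer OPTIONS requests safely before they go any further. That is all it takes (provided the actual request itself is correct).
Here is the code: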
```java
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Registered with the highest precedence so that it runs before the
// Spring Security filter chain and can answer the preflight first.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsConfig implements Filter {

    @Override
    public void init(FilterConfig fc) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpServletRequest request = (HttpServletRequest) req;

        // CORS headers are set on every response, not only on preflights.
        // Note: browsers do not accept "*" for requests made in credentials
        // mode (cookies / withCredentials), whatever Allow-Credentials says.
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");
        response.setHeader("Access-Control-Allow-Credentials", "true");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            // Answer every OPTIONS request here with 200; it never reaches
            // the security chain or oauth/token.
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            // All other methods continue down the chain as usual.
            chain.doFilter(req, resp);
        }
    }

    @Override
    public void destroy() {
    }
}
```
That solves the problem.