Spring Data REST (2.4.4.RELEASE) 和 CORS

Posted

技术标签:

【中文标题】Spring Data REST (2.4.4.RELEASE) 和 CORS【英文标题】:Spring Data REST (2.4.4.RELEASE) and CORS 【发布时间】:2016-08-16 16:10:54 【问题描述】:

我正在尝试按照 Spring Data Rest and Cors 中的 Sebastien Deleuze 建议将 CORS 支持添加到 Access JPA Data with REST gs-accessing-data-rest-complete

@Configuration
public class ApplicationConfiguration 
  @Bean
  public CorsFilter corsFilter() 

    UrlBasedCorsConfigurationSource source = 
      new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true); // you USUALLY want this
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("PUT");
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);

或者,或者:

@Configuration
public class ApplicationConfiguration 
  @Bean
  public FilterRegistrationBean corsFilter() 
    UrlBasedCorsConfigurationSource source = 
        new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("OPTIONS");
    config.addAllowedMethod("HEAD");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("PUT");
    config.addAllowedMethod("POST");
    config.addAllowedMethod("DELETE");
    config.addAllowedMethod("PATCH");
    source.registerCorsConfiguration("/**", config);
    // return new CorsFilter(source);
    final FilterRegistrationBean bean = new FilterRegistrationBean(
        new CorsFilter(source)
    );
    bean.setOrder(0);
    return bean;

但两种配置都会导致相同的响应,但不包含 Access-Control-Allow-Origin 标头:

~> curl -v http://localhost:8080/people
* Connected to localhost (::1) port 8080 (#0)
> GET /people HTTP/1.1
> Host: localhost:8080
> Accept: */*
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Type: application/hal+json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Fri, 22 Apr 2016 21:29:26 GMT

  "_embedded" : 
    "people" : [ 
      "firstName" : "Frodo",
      "lastName" : "Baggins",
      "_links" :  "self" : 
          "href" : "http://localhost:8080/people/1"
        , "person" : 
          "href" : "http://localhost:8080/people/1"
           ]     // for readability
  , "_links" : 
    "self" : 
      "href" : "http://localhost:8080/people"
    , "profile" : 
      "href" : "http://localhost:8080/profile/people"
    , "search" : 
      "href" : "http://localhost:8080/people/search"
    
  , "page" : 
    "size" : 20,
    "totalElements" : 1,
    "totalPages" : 1,
    "number" : 0
  
* Connection #0 to host localhost left intact

依赖的版本是:

~/gs-accessing-data-rest-complete> mvn dependency:tree
[INFO] Scanning for projects...
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building gs-accessing-data-rest 0.1.0
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:2.10:tree (default-cli) @ gs-accessing-data-rest ---
[INFO] org.springframework:gs-accessing-data-rest:jar:0.1.0
[INFO] +- org.springframework.boot:spring-boot-starter-data-rest:jar:1.3.3.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:1.3.3.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:1.3.3.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-autoconfigure:jar:1.3.3.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:1.3.3.RELEASE:compile
[INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.1.5:compile
[INFO] |  |  |  |  \- ch.qos.logback:logback-core:jar:1.1.5:compile
[INFO] |  |  |  +- org.slf4j:jul-to-slf4j:jar:1.7.16:compile
[INFO] |  |  |  \- org.slf4j:log4j-over-slf4j:jar:1.7.16:compile
[INFO] |  |  +- org.springframework:spring-core:jar:4.2.5.RELEASE:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.16:runtime
[INFO] |  +- org.springframework.boot:spring-boot-starter-web:jar:1.3.3.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:1.3.3.RELEASE:compile
[INFO] |  |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.0.32:compile
[INFO] |  |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.0.32:compile
[INFO] |  |  |  +- org.apache.tomcat.embed:tomcat-embed-logging-juli:jar:8.0.32:compile
[INFO] |  |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.0.32:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-validation:jar:1.3.3.RELEASE:compile
[INFO] |  |  |  \- org.hibernate:hibernate-validator:jar:5.2.4.Final:compile
[INFO] |  |  |     +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] |  |  |     \- com.fasterxml:classmate:jar:1.1.0:compile
[INFO] |  |  +- org.springframework:spring-web:jar:4.2.5.RELEASE:compile
[INFO] |  |  \- org.springframework:spring-webmvc:jar:4.2.5.RELEASE:compile
[INFO] |  |     \- org.springframework:spring-expression:jar:4.2.5.RELEASE:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.6.5:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.6.5:compile
[INFO] |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.6.5:compile
[INFO] |  \- org.springframework.data:spring-data-rest-webmvc:jar:2.4.4.RELEASE:compile
[INFO] |     +- org.springframework.data:spring-data-rest-core:jar:2.4.4.RELEASE:compile
[INFO] |     |  +- org.springframework.hateoas:spring-hateoas:jar:0.19.0.RELEASE:compile
[INFO] |     |  +- org.springframework.plugin:spring-plugin-core:jar:1.2.0.RELEASE:compile
[INFO] |     |  \- org.atteo:evo-inflector:jar:1.2.1:compile
[INFO] |     +- com.github.fge:json-patch:jar:1.7:compile
[INFO] |     |  +- com.github.fge:jackson-coreutils:jar:1.6:compile
[INFO] |     |  |  +- com.github.fge:msg-simple:jar:1.1:compile
[INFO] |     |  |  |  \- com.github.fge:btf:jar:1.2:compile
[INFO] |     |  |  \- com.google.guava:guava:jar:16.0.1:compile
[INFO] |     |  \- com.google.code.findbugs:jsr305:jar:2.0.1:compile
[INFO] |     +- org.slf4j:slf4j-api:jar:1.7.16:compile
[INFO] |     \- org.slf4j:jcl-over-slf4j:jar:1.7.16:compile
[INFO] +- org.springframework.boot:spring-boot-starter-data-jpa:jar:1.3.3.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-aop:jar:1.3.3.RELEASE:compile
[INFO] |  |  +- org.springframework:spring-aop:jar:4.2.5.RELEASE:compile
[INFO] |  |  |  \- aopalliance:aopalliance:jar:1.0:compile
[INFO] |  |  \- org.aspectj:aspectjweaver:jar:1.8.8:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-jdbc:jar:1.3.3.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat:tomcat-jdbc:jar:8.0.32:compile
[INFO] |  |  |  \- org.apache.tomcat:tomcat-juli:jar:8.0.32:compile
[INFO] |  |  \- org.springframework:spring-jdbc:jar:4.2.5.RELEASE:compile
[INFO] |  +- org.hibernate:hibernate-entitymanager:jar:4.3.11.Final:compile
[INFO] |  |  +- org.jboss.logging:jboss-logging:jar:3.3.0.Final:compile
[INFO] |  |  +- org.jboss.logging:jboss-logging-annotations:jar:1.2.0.Beta1:compile
[INFO] |  |  +- org.hibernate:hibernate-core:jar:4.3.11.Final:compile
[INFO] |  |  |  +- antlr:antlr:jar:2.7.7:compile
[INFO] |  |  |  \- org.jboss:jandex:jar:1.1.0.Final:compile
[INFO] |  |  +- dom4j:dom4j:jar:1.6.1:compile
[INFO] |  |  |  \- xml-apis:xml-apis:jar:1.0.b2:compile
[INFO] |  |  +- org.hibernate.common:hibernate-commons-annotations:jar:4.0.5.Final:compile
[INFO] |  |  +- org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile
[INFO] |  |  \- org.javassist:javassist:jar:3.18.1-GA:compile
[INFO] |  +- javax.transaction:javax.transaction-api:jar:1.2:compile
[INFO] |  +- org.springframework.data:spring-data-jpa:jar:1.9.4.RELEASE:compile
[INFO] |  |  +- org.springframework.data:spring-data-commons:jar:1.11.4.RELEASE:compile
[INFO] |  |  +- org.springframework:spring-orm:jar:4.2.5.RELEASE:compile
[INFO] |  |  +- org.springframework:spring-context:jar:4.2.5.RELEASE:compile
[INFO] |  |  +- org.springframework:spring-tx:jar:4.2.5.RELEASE:compile
[INFO] |  |  \- org.springframework:spring-beans:jar:4.2.5.RELEASE:compile
[INFO] |  \- org.springframework:spring-aspects:jar:4.2.5.RELEASE:compile
[INFO] \- com.h2database:h2:jar:1.4.191:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.525 s
[INFO] Finished at: 2016-04-22T15:42:32-06:00
[INFO] Final Memory: 21M/609M
[INFO] ------------------------------------------------------------------------

任何想法我做错了什么?

【问题讨论】:

【参考方案1】:

两种配置都是正确的。只有当它是 CORS 请求时,您才会在响应中看到 Access-Control* 标头;用curl试试这个:

curl -H "Origin: http://someotherorigin.com" -v http://localhost:8080/people

这是输出:

~> curl -H "Origin: http://someotherorigin.com" -v http://localhost:8080/people/1
*   Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /people/1 HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.42.1
> Accept: */*
> Origin: http://someotherorigin.com
> 
< HTTP/1.1 404 Not Found
< Server: Apache-Coyote/1.1
< Access-Control-Allow-Origin: http://localhost:9001
< Vary: Origin
< Access-Control-Allow-Credentials: true
< Content-Length: 0
< Date: Sat, 23 Apr 2016 13:52:03 GMT
< 
* Connection #0 to host localhost left intact

【讨论】:

谢谢@Biju Kunjummen!这正是 curl 触发 CORS 请求所需要的。 我在我的问题中测试了两个应用程序配置,并且都可以使用您提供的正确 CORS curl 请求。我稍微编辑了您的答案以清楚地表明这一点,并且我还添加了实际输出。

以上是关于Spring Data REST (2.4.4.RELEASE) 和 CORS的主要内容,如果未能解决你的问题,请参考以下文章

排除 Spring-data-rest 资源的部分字段

如何在 Spring-Data-Rest 中实现细粒度的访问控制?

初入spring boot(八 )Spring Data REST

Spring-Data-Rest中时间的数据类型

您如何保护 Spring Boot / Spring-Data Rest 以便用户只能访问他自己的实体

spring-data-rest 集成测试因简单的 json 请求而失败