Spring Data REST (2.4.4.RELEASE) 和 CORS
Posted
技术标签:
【中文标题】Spring Data REST (2.4.4.RELEASE) 和 CORS【英文标题】:Spring Data REST (2.4.4.RELEASE) and CORS 【发布时间】:2016-08-16 16:10:54 【问题描述】:我正在尝试按照 Spring Data Rest and Cors 中的 Sebastien Deleuze 建议将 CORS 支持添加到 Access JPA Data with REST gs-accessing-data-rest-complete
:
@Configuration
public class ApplicationConfiguration
@Bean
public CorsFilter corsFilter()
UrlBasedCorsConfigurationSource source =
new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); // you USUALLY want this
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
或者,或者:
@Configuration
public class ApplicationConfiguration
@Bean
public FilterRegistrationBean corsFilter()
UrlBasedCorsConfigurationSource source =
new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
// return new CorsFilter(source);
final FilterRegistrationBean bean = new FilterRegistrationBean(
new CorsFilter(source)
);
bean.setOrder(0);
return bean;
但两种配置都会导致相同的响应,但不包含 Access-Control-Allow-Origin
标头:
~> curl -v http://localhost:8080/people
* Connected to localhost (::1) port 8080 (#0)
> GET /people HTTP/1.1
> Host: localhost:8080
> Accept: */*
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Type: application/hal+json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Fri, 22 Apr 2016 21:29:26 GMT
"_embedded" :
"people" : [
"firstName" : "Frodo",
"lastName" : "Baggins",
"_links" : "self" :
"href" : "http://localhost:8080/people/1"
, "person" :
"href" : "http://localhost:8080/people/1"
] // for readability
, "_links" :
"self" :
"href" : "http://localhost:8080/people"
, "profile" :
"href" : "http://localhost:8080/profile/people"
, "search" :
"href" : "http://localhost:8080/people/search"
, "page" :
"size" : 20,
"totalElements" : 1,
"totalPages" : 1,
"number" : 0
* Connection #0 to host localhost left intact
依赖的版本是:
~/gs-accessing-data-rest-complete> mvn dependency:tree
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building gs-accessing-data-rest 0.1.0
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.10:tree (default-cli) @ gs-accessing-data-rest ---
[INFO] org.springframework:gs-accessing-data-rest:jar:0.1.0
[INFO] +- org.springframework.boot:spring-boot-starter-data-rest:jar:1.3.3.RELEASE:compile
[INFO] | +- org.springframework.boot:spring-boot-starter:jar:1.3.3.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot:jar:1.3.3.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:1.3.3.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:1.3.3.RELEASE:compile
[INFO] | | | +- ch.qos.logback:logback-classic:jar:1.1.5:compile
[INFO] | | | | \- ch.qos.logback:logback-core:jar:1.1.5:compile
[INFO] | | | +- org.slf4j:jul-to-slf4j:jar:1.7.16:compile
[INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.16:compile
[INFO] | | +- org.springframework:spring-core:jar:4.2.5.RELEASE:compile
[INFO] | | \- org.yaml:snakeyaml:jar:1.16:runtime
[INFO] | +- org.springframework.boot:spring-boot-starter-web:jar:1.3.3.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-tomcat:jar:1.3.3.RELEASE:compile
[INFO] | | | +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.0.32:compile
[INFO] | | | +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.0.32:compile
[INFO] | | | +- org.apache.tomcat.embed:tomcat-embed-logging-juli:jar:8.0.32:compile
[INFO] | | | \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.0.32:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-validation:jar:1.3.3.RELEASE:compile
[INFO] | | | \- org.hibernate:hibernate-validator:jar:5.2.4.Final:compile
[INFO] | | | +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] | | | \- com.fasterxml:classmate:jar:1.1.0:compile
[INFO] | | +- org.springframework:spring-web:jar:4.2.5.RELEASE:compile
[INFO] | | \- org.springframework:spring-webmvc:jar:4.2.5.RELEASE:compile
[INFO] | | \- org.springframework:spring-expression:jar:4.2.5.RELEASE:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.6.5:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-databind:jar:2.6.5:compile
[INFO] | | \- com.fasterxml.jackson.core:jackson-core:jar:2.6.5:compile
[INFO] | \- org.springframework.data:spring-data-rest-webmvc:jar:2.4.4.RELEASE:compile
[INFO] | +- org.springframework.data:spring-data-rest-core:jar:2.4.4.RELEASE:compile
[INFO] | | +- org.springframework.hateoas:spring-hateoas:jar:0.19.0.RELEASE:compile
[INFO] | | +- org.springframework.plugin:spring-plugin-core:jar:1.2.0.RELEASE:compile
[INFO] | | \- org.atteo:evo-inflector:jar:1.2.1:compile
[INFO] | +- com.github.fge:json-patch:jar:1.7:compile
[INFO] | | +- com.github.fge:jackson-coreutils:jar:1.6:compile
[INFO] | | | +- com.github.fge:msg-simple:jar:1.1:compile
[INFO] | | | | \- com.github.fge:btf:jar:1.2:compile
[INFO] | | | \- com.google.guava:guava:jar:16.0.1:compile
[INFO] | | \- com.google.code.findbugs:jsr305:jar:2.0.1:compile
[INFO] | +- org.slf4j:slf4j-api:jar:1.7.16:compile
[INFO] | \- org.slf4j:jcl-over-slf4j:jar:1.7.16:compile
[INFO] +- org.springframework.boot:spring-boot-starter-data-jpa:jar:1.3.3.RELEASE:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-aop:jar:1.3.3.RELEASE:compile
[INFO] | | +- org.springframework:spring-aop:jar:4.2.5.RELEASE:compile
[INFO] | | | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] | | \- org.aspectj:aspectjweaver:jar:1.8.8:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-jdbc:jar:1.3.3.RELEASE:compile
[INFO] | | +- org.apache.tomcat:tomcat-jdbc:jar:8.0.32:compile
[INFO] | | | \- org.apache.tomcat:tomcat-juli:jar:8.0.32:compile
[INFO] | | \- org.springframework:spring-jdbc:jar:4.2.5.RELEASE:compile
[INFO] | +- org.hibernate:hibernate-entitymanager:jar:4.3.11.Final:compile
[INFO] | | +- org.jboss.logging:jboss-logging:jar:3.3.0.Final:compile
[INFO] | | +- org.jboss.logging:jboss-logging-annotations:jar:1.2.0.Beta1:compile
[INFO] | | +- org.hibernate:hibernate-core:jar:4.3.11.Final:compile
[INFO] | | | +- antlr:antlr:jar:2.7.7:compile
[INFO] | | | \- org.jboss:jandex:jar:1.1.0.Final:compile
[INFO] | | +- dom4j:dom4j:jar:1.6.1:compile
[INFO] | | | \- xml-apis:xml-apis:jar:1.0.b2:compile
[INFO] | | +- org.hibernate.common:hibernate-commons-annotations:jar:4.0.5.Final:compile
[INFO] | | +- org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile
[INFO] | | \- org.javassist:javassist:jar:3.18.1-GA:compile
[INFO] | +- javax.transaction:javax.transaction-api:jar:1.2:compile
[INFO] | +- org.springframework.data:spring-data-jpa:jar:1.9.4.RELEASE:compile
[INFO] | | +- org.springframework.data:spring-data-commons:jar:1.11.4.RELEASE:compile
[INFO] | | +- org.springframework:spring-orm:jar:4.2.5.RELEASE:compile
[INFO] | | +- org.springframework:spring-context:jar:4.2.5.RELEASE:compile
[INFO] | | +- org.springframework:spring-tx:jar:4.2.5.RELEASE:compile
[INFO] | | \- org.springframework:spring-beans:jar:4.2.5.RELEASE:compile
[INFO] | \- org.springframework:spring-aspects:jar:4.2.5.RELEASE:compile
[INFO] \- com.h2database:h2:jar:1.4.191:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.525 s
[INFO] Finished at: 2016-04-22T15:42:32-06:00
[INFO] Final Memory: 21M/609M
[INFO] ------------------------------------------------------------------------
任何想法我做错了什么?
【问题讨论】:
【参考方案1】:两种配置都是正确的。只有当它是 CORS 请求时,您才会在响应中看到 Access-Control*
标头;用curl
试试这个:
curl -H "Origin: http://someotherorigin.com" -v http://localhost:8080/people
这是输出:
~> curl -H "Origin: http://someotherorigin.com" -v http://localhost:8080/people/1
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /people/1 HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.42.1
> Accept: */*
> Origin: http://someotherorigin.com
>
< HTTP/1.1 404 Not Found
< Server: Apache-Coyote/1.1
< Access-Control-Allow-Origin: http://localhost:9001
< Vary: Origin
< Access-Control-Allow-Credentials: true
< Content-Length: 0
< Date: Sat, 23 Apr 2016 13:52:03 GMT
<
* Connection #0 to host localhost left intact
【讨论】:
谢谢@Biju Kunjummen!这正是curl
触发 CORS 请求所需要的。
我在我的问题中测试了两个应用程序配置,并且都可以使用您提供的正确 CORS curl
请求。我稍微编辑了您的答案以清楚地表明这一点,并且我还添加了实际输出。以上是关于Spring Data REST (2.4.4.RELEASE) 和 CORS的主要内容,如果未能解决你的问题,请参考以下文章
如何在 Spring-Data-Rest 中实现细粒度的访问控制?
初入spring boot(八 )Spring Data REST