Angular 2 + CORS + 带有 Spring Security 的 Spring Boot Rest Controller
Posted
技术标签:
【中文标题】Angular 2 + CORS + 带有 Spring Security 的 Spring Boot Rest Controller【英文标题】:Angular 2 + CORS + Spring Boot Rest Controller with Spring Security 【发布时间】:2018-03-06 17:54:46 【问题描述】:我将 angular2 用于前端和弹簧靴休息控制器。在添加弹簧安全性之前,我的应用程序运行良好。添加安全后,在spring boot rest控制器中不会调用带参数的函数。下面是代码
Rest Controller:
----------------
@RestController
public class JobCleanupServiceController
private static final Logger logger = LoggerFactory.getLogger(JobCleanupServiceController.class);
@Autowired
JobCleanupDAO dao;
@CrossOrigin(origins = "http://localhost:4200")
@RequestMapping("/jobcleanup")
public Collection<JobCleanup> index(@RequestBody String owner)
logger.info("Display All Jobs"+ owner);
return dao.findAll(owner);
@CrossOrigin(origins = "http://localhost:4200")
@RequestMapping("/jobcleanupclosedtickets")
public JobCleanupMetrics getJobCleanupClosedTickets()
logger.info("JobCleanupMetrics getJobCleanupClosedTickets ");
return dao.getJobCleanupClosedTickets();
@CrossOrigin(origins = "http://localhost:4200")
@RequestMapping("/jobcleanuplinechartdata")
public JobCleanupChart getJobCleanupLineChartData(@RequestBody String owner)
return dao.getJobCleanupLineChartData(owner);
WebConfig.java
-------------
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter
@Override
public void addCorsMappings(CorsRegistry registry)
registry.addMapping("/**");
SecurityConfig.java
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
@Override
protected void configure(HttpSecurity http) throws Exception
http.cors();
http.authorizeRequests()
.antMatchers(
"/jobcleanup",
"/jobcleanupclosedtickets",
"/jobcleanuplinechartdata"
).permitAll();
@Bean
public CorsConfigurationSource corsConfigurationSource()
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("*"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
在我输入 http://localhost:4200 时添加 spring security 之前,所有这些都被称为“/jobcleanup”, "/jobcleanupclosedtickets", “/jobcleanuplinechartdata”。添加弹簧安全后,仅调用“/jobcleanupclosedtickets”,其他方法不会被调用。 除了 "/jobcleanupclosedtickets" 其他方法都有请求体。
有人可以帮我解决这个问题吗?
【问题讨论】:
【参考方案1】:更新了 SecurityConfig.java,如下所示。默认情况下,在 Spring Security 中启用了 csrf。
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
@Override
protected void configure(HttpSecurity http) throws Exception
http.csrf().disable();
http.cors();
@Bean
public CorsConfigurationSource corsConfigurationSource()
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("*"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
【讨论】:
以上是关于Angular 2 + CORS + 带有 Spring Security 的 Spring Boot Rest Controller的主要内容,如果未能解决你的问题,请参考以下文章
带有 Keycloak 的 Angular 和 Spring Boot REST API 的 CORS 问题
带有 Keycloak 的 Angular 和 Spring Boot REST API 的 CORS 问题
带有 CORS 和 Angular 的 .NET Web API 2 在第一篇文章中不起作用
带有 Google 的 OAuth2 - CORS 错误(Angular + Spring boot)[重复]