SpringSecurity配置跨域訪問
阿新 • • 發佈:2020-12-11
技術標籤:SpringBootSpringSpringSecurityspring跨域CorsFilter
說明
java後端web服務有很多種方法可以實現跨域訪問,配置很簡單,今天這裡我們用SpringSecurity的方式配置跨域訪問,配置方法如下:
package com.wisea.config;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org. springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.setAllowCredentials(true);
source.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(source);
}
}
其他
看網上的配置裡會有程式碼如下:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
...
}
實際上並不起什麼作用,總結,當工程中開啟了@EnableWebSecurity的時候,我們只需要讓spring容器中存在一個CorsFilter的跨域過濾器即可。