springMVC与springSecurity跨域实现

springMVC与springSecurity跨域实现


当使用springSecurity,因为springsecurity会拦截调用http请求,所以cors需要配置在springSecurity拦截器之前,如

    @Override
    public void configure(HttpSecurity http) throws Exception {
    	http.cors().configurationSource(configurationSource()).and().csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().addFilterBefore(new JWTFilter(cacheService), UsernamePasswordAuthenticationFilter.class)
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .logout().logoutUrl("/user/logout").addLogoutHandler((q, p, a) -> cacheService.delete(LOGIN_USER + SecurityUserUtils.getCurrentUserPhoneNum()));
    }

    /**
     * @Title: configurationSource
     * @Description: 设置跨域
     * @return: org.springframework.web.cors.CorsConfigurationSource
     */
    private CorsConfigurationSource configurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        config.setMaxAge(3600l);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
版权声明:本文为liupeng362978375原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。