2016-12-29 14 views
1

我々はそれが常に次のエラーに実行axiosクライアントを使用して、ノードサーバからAPIにアクセスする場合:春ブーツとのOAuth2 CORS

XMLHttpRequest cannot load http://localhost:8089/public/api. Redirect from 'http://localhost:8089/public/api/' to 'http://localhost:8089/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3002' is therefore not allowed access. 

私の設定を次のように:

import java.security.Principal; 
import java.util.ArrayList; 
import java.util.LinkedHashMap; 
import java.util.List; 
import java.util.Map; 

import javax.servlet.Filter; 

import org.apache.catalina.filters.CorsFilter; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.boot.SpringApplication; 
import org.springframework.boot.autoconfigure.SpringBootApplication; 
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties; 
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices; 
import org.springframework.boot.context.properties.ConfigurationProperties; 
import org.springframework.boot.context.properties.NestedConfigurationProperty; 
import org.springframework.boot.web.servlet.FilterRegistrationBean; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.core.annotation.Order; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.oauth2.client.OAuth2ClientContext; 
import org.springframework.security.oauth2.client.OAuth2RestTemplate; 
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter; 
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter; 
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; 
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails; 
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client; 
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; 
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; 
import org.springframework.security.web.access.channel.ChannelProcessingFilter; 
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; 
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; 
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RestController; 
import org.springframework.web.cors.CorsUtils; 
import org.springframework.web.filter.CompositeFilter; 

@SpringBootApplication 
@EnableOAuth2Client 
@EnableAuthorizationServer 
@Order(6) 
public class MonitoringApiApplication extends WebSecurityConfigurerAdapter { 

    @Autowired 
    OAuth2ClientContext oauth2ClientContext; 
    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     // @formatter:off 
     http 
       .antMatcher("/**").authorizeRequests().antMatchers("/","/user**", "/login**", "/webjars/**").permitAll().anyRequest() 

       .authenticated().and().exceptionHandling() 
       .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout() 
       .logoutSuccessUrl("/").permitAll().and().csrf().disable() 
       .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); 

     // @formatter:on 
    } 

    @Configuration 
    @EnableResourceServer 
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { 
     @Override 
     public void configure(HttpSecurity http) throws Exception { 
      // @formatter:off 
      http.antMatcher("/me").authorizeRequests().anyRequest().authenticated(); 
      // @formatter:on 
     } 
    } 

    public static void main(String[] args) { 

     SpringApplication.run(MonitoringApiApplication.class, args); 
    } 

    @Bean 
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) { 
     FilterRegistrationBean registration = new FilterRegistrationBean(); 
     registration.setFilter(filter); 
     registration.setOrder(-100); 
     return registration; 
    } 

    @Bean 
    @ConfigurationProperties("github") 
    public ClientResources github() { 
     return new ClientResources(); 
    } 

    @Bean 
    @ConfigurationProperties("facebook") 
    public ClientResources facebook() { 
     return new ClientResources(); 
    } 

    private Filter ssoFilter() { 
     CompositeFilter filter = new CompositeFilter(); 
     List<Filter> filters = new ArrayList<>(); 
     filters.add(ssoFilter(facebook(), "/login/facebook")); 
     filters.add(ssoFilter(github(), "/login/github")); 
     filter.setFilters(filters); 
     return filter; 
    } 

    private Filter ssoFilter(ClientResources client, String path) { 
     OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter = new OAuth2ClientAuthenticationProcessingFilter(
       path); 
     OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext); 
     oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate); 
     UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(), 
       client.getClient().getClientId()); 
     tokenServices.setRestTemplate(oAuth2RestTemplate); 
     oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices); 
     return oAuth2ClientAuthenticationFilter; 
    } 

} 

class ClientResources { 

    @NestedConfigurationProperty 
    private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails(); 

    @NestedConfigurationProperty 
    private ResourceServerProperties resource = new ResourceServerProperties(); 

    public AuthorizationCodeResourceDetails getClient() { 
     return client; 
    } 

    public ResourceServerProperties getResource() { 
     return resource; 
    } 
} 

フィルタの設定を:

@Bean 
public FilterRegistrationBean corsFilter() { 
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); 
    CorsConfiguration config = new CorsConfiguration(); 
    config.setAllowCredentials(true); 
    config.addAllowedOrigin("http://localhost:3002"); 
    config.addAllowedHeader("*"); 
    config.addAllowedMethod("*"); 
    source.registerCorsConfiguration("/**", config); 
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); 
    bean.setOrder(0); 
    return bean; 
} 

春のブートバージョン:

<parent> 
    <groupId>org.springframework.boot</groupId> 
    <artifactId>spring-boot-starter-parent</artifactId> 
    <version>1.4.0.RELEASE</version> 
    <relativePath/> <!-- lookup parent from repository --> 
</parent> 

私が働いていた

+0

かもしれないhttp://stackoverflow.com/questions/35035055/spring-boot-and-cors?rq=1はあなたに何らかの助けがあります –

答えて

2

あなたの偽の原点に*が、誰にも負けない/パブリック/ **それはenpointsがssoFilter()によって保護されていないことを意味する、働くantMatchersに、私が試してみました資格情報を追加した場合このhttp.cors()。と()。csrf()。disable()を追加する必要があります。また、SecurityConfigファイル内のフィルタも削除します。

@Bean 
CorsConfigurationSource corsConfigurationSource() { 
    CorsConfiguration configuration = new CorsConfiguration(); 
    configuration.setAllowedOrigins("*"); 
    configuration.addAllowedHeader("*"); 
    configuration.addAllowedMethod("*"); 
    configuration.setAllowCredentials(true); 
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); 
    source.registerCorsConfiguration("/**", configuration); 
    return source; 
} 

最新のバージョンのスプリングセキュリティが必要です。

+0

すべてのドキュメント、stackoverflow、Googleの例を実行した後、これは唯一のものですそれが私のためにCORSを有効にすると思う。 – BigDong