解决!【启用了Security的SpringBoot项目跨域问题】以及【post请求403错误】

目录

  • 一、启用了Security的SpringBoot项目跨域问题
  • 二、post请求403错误


一、启用了Security的SpringBoot项目跨域问题

可以通过以下两种方式来判断Spring Boot项目是否使用了Spring Security:

  1. 查看项目的依赖关系:在项目的pom.xml文件中查找是否包含spring-security相关的依赖项。例如,可以搜索包含"spring-security"或"spring-boot-starter-security"的依赖项。
  2. 搜索项目源代码:在项目的源代码中搜索是否存在Spring Security相关的注释或配置。例如,在项目中搜索带有@SecurityConfig注释的Java类,或者搜索application.properties或application.yml文件中的与安全性相关的属性。

在Spring Boot中使用Spring Security处理安全性问题时,使用Spring提供的跨域支持,创建一个以SecurityConfig命名的JavaClass文件(配置文件),并写入如下代码

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // ...
        http.cors();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "DELETE", "PUT", "PATCH"));
        configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

至此就解决了前后端访问的跨域问题。

二、post请求403错误

参考这篇博客《SpringSecurity发送post请求403错误》
简言之,在上述配置文件的代码里加一句:

http.csrf().disable();//解决403问题

完整代码如下:

package com.sdcw.program.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // ...
        http.cors();
        http.csrf().disable();//解决403问题
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "DELETE", "PUT", "PATCH"));
        configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

你可能感兴趣的:(SpringBoot,spring,boot,spring,java)