解决!【启用了Security的SpringBoot项目跨域问题】以及【post请求403错误】
一、启用了Security的SpringBoot项目跨域问题
可以通过以下两种方式来判断Spring Boot项目是否使用了Spring Security:
- 查看项目的依赖关系:在项目的pom.xml文件中查找是否包含spring-security相关的依赖项。例如,可以搜索包含"spring-security"或"spring-boot-starter-security"的依赖项。
- 搜索项目源代码:在项目的源代码中搜索是否存在Spring Security相关的注释或配置。例如,在项目中搜索带有@SecurityConfig注释的Java类,或者搜索application.properties或application.yml文件中的与安全性相关的属性。
在Spring Boot中使用Spring Security处理安全性问题时,使用Spring提供的跨域支持,创建一个以SecurityConfig命名的JavaClass文件(配置文件),并写入如下代码:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {// ...http.cors();}@Beanpublic CorsConfigurationSource corsConfigurationSource() {CorsConfiguration configuration = new CorsConfiguration();configuration.setAllowedOrigins(Arrays.asList("*"));configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "DELETE", "PUT", "PATCH"));configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();source.registerCorsConfiguration("/**", configuration);return source;}
}
至此就解决了前后端访问的跨域问题。
二、post请求403错误
参考这篇博客《SpringSecurity发送post请求403错误》
简言之,在上述配置文件的代码里加一句:
http.csrf().disable();//解决403问题
完整代码如下:
package com.sdcw.program.config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;import java.util.Arrays;@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {// ...http.cors();http.csrf().disable();//解决403问题}@Beanpublic CorsConfigurationSource corsConfigurationSource() {CorsConfiguration configuration = new CorsConfiguration();configuration.setAllowedOrigins(Arrays.asList("*"));configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "DELETE", "PUT", "PATCH"));configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();source.registerCorsConfiguration("/**", configuration);return source;}
}