博客

Spring boot+Spring security跨域返回302

  • Post author:
  • Post category:其他



问题:


前后端分离,后端使用的Spring boot+Spring security

调试过程中前端需要跨域访问后端的接口获取数据,尝试了网上提供的N种跨域方案都是返回302

调试发现,登录拦截器这边获取不到用户的登录信息,所以一直重定向到登录页面


解决过程:


参考资料:


https://www.cnblogs.com/yuarvin/p/10923280.html



https://www.jianshu.com/p/5c637bfcc674

应该是预检OPTIOINS请求没有携带登录信息,所以一直被重定向

尝试这样处理了一下,如果是OPTIONS请求则直接返回204,结束该请求,问题得到解决

下面贴一下我在项目中的配置: 

@Component
public class CorsInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        // 此处配置的是允许任意域名跨域请求,可根据需求指定
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS");
        response.setHeader("Access-Control-Max-Age", "3600");
        //这个我是根据项目来定的
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Range, X-E4M-With, X-Request-With");

        // 如果是OPTIONS则结束请求
        if (HttpMethod.OPTIONS.toString().equals(request.getMethod())) {
            response.setStatus(HttpStatus.NO_CONTENT.value());
            return false;
        }

        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}

@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
	...........................

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
    	// 跨域拦截器
        registry.addInterceptor(corsInterceptor)
                .addPathPatterns("/**");
         // 登录拦截器
        registry.addInterceptor(userExpiredInterceptor)
                .addPathPatterns("/**").excludePathPatterns("/webservice/**", "/", "/error", "/getImage");
        
        super.addInterceptors(registry);
    }
    
    ............................
   
}

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ...............................................
        //开启跨域 cors()
        http.cors().and().csrf().disable().authorizeRequests()
                //处理跨域请求中的Preflight请求
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll();
		..............................................
    }

如有错误,请指正,谢谢!


版权声明:本文为weixin_37290284原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。