admin/authorization-server-standalone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

配置cors

Browse Source
This commit is contained in:
wangjianhong
2025-07-17 16:19:29 +08:00
parent 144fa79201
commit 6a5d7a6be4
2 changed files with 15 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/main/java/com/arrokoth/standalone/authorization/config/CorsConfig.java
View File

@@ -1,15 +1,17 @@
package com.arrokoth.standalone.authorization.config; package com.arrokoth.standalone.authorization.config;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import java.util.List;
/** /**
* CorsConfig 是一个 Spring 配置类。 * CorsConfig 是一个 Spring 配置类。
* 用于全局配置跨域资源共享CORS允许前端应用访问后端 API。 * 用于全局配置跨域资源共享CORS允许前端应用访问后端 API。
* * <p>
* 此配置适用于前后端分离架构中常见的跨域请求问题。 * 此配置适用于前后端分离架构中常见的跨域请求问题。
*/ */
@Slf4j // 使用 Lombok 提供的日志记录器 @Slf4j // 使用 Lombok 提供的日志记录器
@@ -48,29 +50,23 @@ public class CorsConfig {
*/ */
private CorsConfiguration buildConfig() { private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration(); CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin(DEFAULT_ALLOWED_ORIGINS); // 允许任意来源
corsConfiguration.addAllowedHeader(DEFAULT_ALLOWED_HEADERS); // 允许任意请求头 corsConfiguration.addAllowedHeader(DEFAULT_ALLOWED_HEADERS); // 允许任意请求头
corsConfiguration.addAllowedMethod(DEFAULT_ALLOWED_METHODS); // 允许指定的方法 corsConfiguration.addAllowedMethod(DEFAULT_ALLOWED_METHODS); // 允许指定的方法
corsConfiguration.setMaxAge(Long.parseLong(DEFAULT_MAX_AGE)); // 设置预检请求缓存时间 corsConfiguration.setMaxAge(Long.parseLong(DEFAULT_MAX_AGE)); // 设置预检请求缓存时间
corsConfiguration.setAllowedOrigins(List.of(DEFAULT_ALLOWED_ORIGINS)); // 允许任意来源
corsConfiguration.setAllowCredentials(false); // 是否允许发送 Cookie跨域请求中携带认证信息 // 如果是 trueallowedOrigins 不能设为 "*"
// 设置暴露给客户端的响应头(可选)
corsConfiguration.setExposedHeaders(List.of("X-Custom-Header"));
// 记录日志信息
log.debug("Initializing CorsFilter , the default allowed origins is `{}`, allowed headers is `{}`, allowed methods is `{}`, max age is `{}`",
DEFAULT_ALLOWED_ORIGINS, DEFAULT_ALLOWED_HEADERS, DEFAULT_ALLOWED_METHODS, DEFAULT_MAX_AGE);
return corsConfiguration; return corsConfiguration;
} }
/** @Bean
* 创建并注册一个全局的 CorsFilter Bean。 UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource() {
* 该过滤器将上述 CORS 策略应用到所有路径(/**)上。
*
* @return CorsFilter 实例
*/
// @Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", buildConfig()); // 对所有路径启用 CORS 配置 source.registerCorsConfiguration("/**", buildConfig()); // 对所有路径启用 CORS 配置
return source;
// 记录日志信息
log.debug("Initializing CorsFilter , the default allowed origins is `{}`," +
" allowed headers is `{}`, allowed methods is `{}`, max age is `{}`",
DEFAULT_ALLOWED_ORIGINS, DEFAULT_ALLOWED_HEADERS, DEFAULT_ALLOWED_METHODS, DEFAULT_MAX_AGE);
return new CorsFilter(source);
} }
} }

22
src/main/java/com/arrokoth/standalone/authorization/config/SecurityWebAutoConfigurer.java
View File

@@ -16,11 +16,6 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.List;
@Slf4j @Slf4j
@Configuration @Configuration
@@ -37,7 +32,7 @@ public class SecurityWebAutoConfigurer {
log.debug("Configuring default security filter chain"); log.debug("Configuring default security filter chain");
http http
.csrf(AbstractHttpConfigurer::disable) // 前后端分离通常关闭CSRF .csrf(AbstractHttpConfigurer::disable) // 前后端分离通常关闭CSRF
.cors(AbstractHttpConfigurer::disable) // 前后端分离通常关闭CSRF .cors(AbstractHttpConfigurer::disable)
.sessionManagement(session -> session .sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)) // 无状态Session .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)) // 无状态Session
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
@@ -71,20 +66,5 @@ public class SecurityWebAutoConfigurer {
return authenticationConfiguration.getAuthenticationManager(); return authenticationConfiguration.getAuthenticationManager();
} }
@Bean
public CorsConfigurationSource corsConfigurationSource() {
log.info("Configuring cors configuration source");
CorsConfiguration configuration = new CorsConfiguration();
configuration.addAllowedOrigin(CorsConfig.DEFAULT_ALLOWED_ORIGINS); // 允许任意来源
configuration.addAllowedHeader(CorsConfig.DEFAULT_ALLOWED_HEADERS); // 允许任意请求头
configuration.addAllowedMethod(CorsConfig.DEFAULT_ALLOWED_METHODS); // 允许指定的方法
configuration.setMaxAge(Long.parseLong(CorsConfig.DEFAULT_MAX_AGE)); // 设置预检请求缓存时间
configuration.setAllowedOrigins(List.of("*")); // 替换为前端域名
configuration.setAllowCredentials(false);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
} }