使用Grails 3配置CORS
使用Grails 3配置CORS
提问于 2016-10-06 21:35:07
我正在尝试使用这个插件在Grails 3.1.12应用程序中启用CORS支持:https://github.com/appcela/grails3-cors-interceptor
我按照文档进行了操作,下面是我在application.groovy中的安全配置:
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/', access: ['permitAll']],
[pattern: '/error', access: ['permitAll']],
[pattern: '/index', access: ['permitAll']],
[pattern: '/index.gsp', access: ['permitAll']],
[pattern: '/shutdown', access: ['permitAll']],
[pattern: '/assets/**', access: ['permitAll']],
[pattern: '/**/js/**', access: ['permitAll']],
[pattern: '/**/css/**', access: ['permitAll']],
[pattern: '/**/images/**', access: ['permitAll']],
[pattern: '/**/favicon.ico', access: ['permitAll']],
// EDIT: block all other URL access
[pattern: '/**', access: ['denyAll'], httpMethod: 'GET'],
[pattern: '/**', access: ['denyAll'], httpMethod: 'POST'],
[pattern: '/**', access: ['denyAll'], httpMethod: 'PUT'],
[pattern: '/**', access: ['denyAll'], httpMethod: 'DELETE']
]
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none'],
[pattern: '/api/login', filters: 'securityCorsFilter,restAuthenticationFilter'],
// see http://alvarosanchez.github.io/grails-angularjs-springsecurity-workshop/
// [pattern: '/**', filters: 'JOINED_FILTERS'],
[
pattern: '/api/**',
filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
]
]
// EDIT: Optimistic approach (restrict access by URL only) to allow 'OPTIONS' access for CORS
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = false我的问题是,当我发送一个OPTIONS请求到我的任何/api/什么端点而没有提供authorization头时,我得到一个401状态,我不知道为什么。
回答 2
Stack Overflow用户
发布于 2016-10-07 04:10:09
好的,我注意到了sample project的一个关键区别。我的项目在控制器级别使用RestfulController和@Secured注释,这就是产生401ON选项的原因。我覆盖了所有的方法以在方法级别保护它们,现在我不再得到401。
Stack Overflow用户
发布于 2017-12-21 22:31:08
您可以尝试这个解决方案(这对我很有效,使用grails 3.1.x):
CrosFilter.java:
import org.springframework.web.filter.OncePerRequestFilter;
import javax.annotation.Priority;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Priority(Integer.MIN_VALUE)
public class CorsFilter extends OncePerRequestFilter {
public CorsFilter() { }
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain)
throws ServletException, IOException {
String origin = req.getHeader("Origin");
boolean options = "OPTIONS".equals(req.getMethod());
if (options) {
if (origin == null) return;
resp.addHeader("Access-Control-Allow-Headers", "origin, authorization, accept, content-type, x-requested-with");
resp.addHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
resp.addHeader("Access-Control-Max-Age", "3600");
}
resp.addHeader("Access-Control-Allow-Origin", origin == null || origin.equals("null") ? "*" : origin);
resp.addHeader("Access-Control-Allow-Credentials", "true");
if (!options) chain.doFilter(req, resp);
}
}如果使用插件配置文件: src/main/groovy/pluginname/PluginNameGrailsPlugin.groovy:
Closure doWithSpring() {
{ ->
corsFilter(CorsFilter)
}
}对于web应用程序配置文件: grails-app/conf/spring/resources.groovy:
beans = {
corsFilter(CorsFilter)
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/39897521
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号