
Spring Security and Angular 6 HTTPS requests

Stack Overflow user
Asked 2019-03-18 13:05:14
1 answer, 2.1K views, 0 followers, 1 vote

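My backend application is built with Spring Boot and secured with SSL. I use OAuth2 Facebook login. The frontend application is Angular 7, also secured with SSL. My problem is sending requests to the Spring Boot application. All of the applications use HTTPS.

If I add the URL to webSecurity.ignoring(), everything works, but then my backend is not protected. I think there is some problem between security and HTTPS requests. Thanks for your help.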

Backend

SecurityConfig.java

@RestController
@CrossOrigin(origins = "https://192.168.1.106:4400")
@Configuration
@Order(1000)
@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserRepo userRepo;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .cors().and()
            .csrf().disable()
            .authorizeRequests()
            .antMatchers(HttpMethod.GET, "/unauth/**").permitAll()
            .antMatchers(HttpMethod.POST, "/unauth/upload").permitAll()

            .antMatchers(HttpMethod.POST, "/api/**").authenticated()
            .antMatchers(HttpMethod.PUT, "/api/**").authenticated()
            .antMatchers(HttpMethod.DELETE, "/api/**").authenticated()
            .antMatchers(HttpMethod.GET, "/api/**").authenticated()
            .anyRequest().permitAll()
            .and().logout().logoutSuccessUrl("/").permitAll();

}

@Override
public void configure(WebSecurity webSecurity) {
    webSecurity.ignoring().antMatchers(HttpMethod.GET, "/unauth/**");
    webSecurity.ignoring().antMatchers(HttpMethod.POST, "/unauth/**");
}
}

SomeRestController.java

@RestController
@CrossOrigin(origins = "https://192.168.1.106:4400")
@RequestMapping("/api")
public class ProductService {

    @Autowired
    private ProductRepo productRepo;

    @CrossOrigin(origins = "https://192.168.1.106:4400")
    @GetMapping("/products")
    public List<Product> getProducts() {
        return productRepo.findAll();
    }
}

SpringBootApplication.java

@SpringBootApplication
@EnableOAuth2Sso
@CrossOrigin(origins = {"https://192.168.1.106:4400"}, allowCredentials = "false")
public class MongoTestApplication {

    public static void main(String[] args) {
        SpringApplication.run(MongoTestApplication.class, args);
    }
}

Frontend

SomeComponent.html

<button (click)="makeRequest()">Make request</button>

SomeComponent.ts

val:any = {};
  makeRequest(){
    this.http.get("https://localhost:8443/api/products").subscribe(value =>  {this.val = value; console.log(this.val.key)});
  }

Error

Error in the browser

Access to XMLHttpRequest at 'https://localhost:8443/api/brands' from origin 'https://192.168.1.106:4400' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
core.js.pre-build-optimizer.js:15714 ERROR n {headers: t, status: 0, statusText: "Unknown Error", url: "https://localhost:8443/api/brands", ok: false, …}
1 Answer

Stack Overflow user

Answered 2019-03-18 13:15:00

Edit your main class as shown below and remove all @CrossOrigin annotations from the controllers.

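import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@SpringBootApplication
@EnableOAuth2Sso
public class MongoTestApplication {

    public static void main(String[] args) {
        SpringApplication.run(MongoTestApplication.class, args);
    }

    // Registers a global CORS mapping for all paths and the listed HTTP methods.
    @SuppressWarnings("deprecation")
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowedMethods("GET", "PUT", "POST", "DELETE", "OPTIONS");
            }
        };
    }
}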
0 votes
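
Added example (not part of the original answer or the asker's code): a variant of the question's SecurityConfig in which `http.cors()` is backed by a `CorsConfigurationSource` bean limited to the frontend origin from the question, so `/api/**` stays authenticated instead of being moved into `webSecurity.ignoring()`. It assumes Spring Security 5.x with `WebSecurityConfigurerAdapter` as used on the page and is meant to replace that class, not sit beside it; the allowed request headers are an assumption.

```java
import java.util.Arrays;
import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Added example: a variant of the question's SecurityConfig, not code from the page.
@Configuration
@Order(1000)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // cors() places a CorsFilter ahead of the authentication filters and
            // uses the bean named corsConfigurationSource defined below.
            .cors().and()
            // Kept from the question; re-enable CSRF protection if the API is
            // authenticated by a session cookie.
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/unauth/**").permitAll()
                .antMatchers("/api/**").authenticated()
                .anyRequest().permitAll()
            .and().logout().logoutSuccessUrl("/").permitAll();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Only the frontend origin from the question, never "*".
        config.setAllowedOrigins(Collections.singletonList("https://192.168.1.106:4400"));
        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        // Assumption: the Angular client sends only these request headers.
        config.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
        // Mirrors allowCredentials = "false" in the question's main class.
        config.setAllowCredentials(false);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", config);
        return source;
    }
}
```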
The original content of this page is provided by Stack Overflow.
Original link: https://stackoverflow.com/questions/55222097
