微信公众号搜"智元新知"关注
微信扫一扫可直接关注哦!

缺少访问控制允许来源

分类:编程问答

如何解决缺少访问控制允许来源

我使用 Spring 4 作为我的 angular 应用程序的后端。当 angular 应用程序向 spring 应用程序发出请求时,我收到一个错误

Access to **XMLHttpRequest at 'http://localhost:8080/AdminController/allAdmins' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.**

我正在使用自定义过滤器来验证每个用户请求 我的过滤器的代码是:

    @Override
        public void doFilter(ServletRequest request,ServletResponse response,FilterChain filterChain) throws IOException,servletexception {
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;
            
    //      Ignoring the request URLs
            if (Utils.ignoreURLs(IGnorE_URLS,httpReq.getRequestURI()) == true) {
                filterChain.doFilter(request,response);
                return;
            }
            
    //      Fetching all the header params from request
            HttpServletRequest httpRequest = (HttpServletRequest) httpReq;
            Enumeration<String> headerNames = httpRequest.getHeaderNames();
            String loggedUserId = null;
            String authToken = null;
    
            if (headerNames != null) {
                while (headerNames.nextElement() != null && headerNames.hasMoreElements()) {
                    
                    loggedUserId = httpRequest.getHeader(Constants.LOGGED_USER_ID);
                    authToken = httpRequest.getHeader(Constants.AUTH_TOKEN);
                }
            }
            
            if (Utils.isBlank(loggedUserId) == true || Utils.isBlank(authToken) == true) {  
                httpResp.setContentType(MediaType.APPLICATION_JSON_VALUE);
                mapper.writeValue(httpResp.getWriter(),getErrorDetailsMap());
                return;
            }
ApplicationContext appContext = AppContextConfig.getApplicationContext();
            AccessManager accessManager = (AccessManager) appContext.getBean(AccessManager.class);
            // I am validating authentication token here
            if(accessManager.isValidToken(loggedUserId,authToken) == false) {
                httpResp.setContentType(MediaType.APPLICATION_JSON_VALUE);
                mapper.writeValue(httpResp.getWriter(),getErrorDetailsMap());
                return; 
            }
            filterChain.doFilter(request,response);
        }

解决方法

只需在控制器上使用 @CrossOrigin 注释并在您的 SecurityConfig 中定义此 bean:

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        final CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST","OPTIONS"));
        configuration.setAllowCredentials(true);
        configuration.setAllowedHeaders(Arrays.asList("*"));
        configuration.setExposedHeaders(Arrays.asList("x-auth-token","xsrf-token"));
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**",configuration);
        return source;
    }

编辑

或者可能是缺少标头的问题,其中以下过滤器应该足够了。

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
public class SimpleCORSFilter implements Filter {

private final Logger log = LoggerFactory.getLogger(SimpleCORSFilter.class);

public SimpleCORSFilter() {
    log.info("SimpleCORSFilter init");
}

@Override
public void doFilter(ServletRequest req,ServletResponse res,FilterChain chain) throws IOException,ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    response.setHeader("Access-Control-Allow-Origin",request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Credentials","true");
    response.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,DELETE");
    response.setHeader("Access-Control-Max-Age","3600");
    response.setHeader("Access-Control-Allow-Headers","Content-Type,Accept,X-Requested-With,remember-me");

    chain.doFilter(req,res);
}

@Override
public void init(FilterConfig filterConfig) {
}

@Override
public void destroy() {
}

}

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。

相关推荐

Selenium Web驱动程序和Java元素在(x,y)点处不可单击其他元素将获得点击?
Selenium Web驱动程序和Java。元素在(x,y)点处不可单击。其他元素将获得点击?
Python-如何使用点“” 访问字典成员?
Python-如何使用点“。” 访问字典成员?
Java 字符串是不可变的到底是什么意思?
Java 字符串是不可变的。到底是什么意思?
Java中的“ final”关键字如何工作?我仍然可以修改对象
Java中的“ final”关键字如何工作?(我仍然可以修改对象。)
“loop:”在Java代码中这是什么,为什么要编译?
“loop:”在Java代码中。这是什么,为什么要编译?
java.lang.ClassNotFoundException:sun.jdbc.odbc.JdbcOdbcDriver发生异常为什么?
java.lang.ClassNotFoundException:sun.jdbc.odbc.JdbcOdbcDriver发生异常。为什么?
这是用Java进行XML解析的最佳库
这是用Java进行XML解析的最佳库。
Java的PriorityQueue的内置迭代器不会以任何特定顺序遍历数据结构为什么?
Java的PriorityQueue的内置迭代器不会以任何特定顺序遍历数据结构。为什么?
如何在Java中聆听按键时移动图像
如何在Java中聆听按键时移动图像。
Java“Program to an interface”这是什么意思?
Java“Program to an interface”。这是什么意思?
苹果市值2025年有望达4万亿美元
pythonJavaScriptjavaHTMLPHPreactjsC#AndroidCSSNode.jssqlrpython-3.xMysqLjQueryc++pandasFlutterangularIOSdjangolinuxswifttypescript路由器JSON路由器设置无线路由器h3c华三华三路由器设置华三路由器电脑软件教程arraysdocker软件图文教程Cvue.jslaravelspring-boot