
        Cross-Origin Resource Sharing with Spring Security

                  Problem description

                  I'm trying to make CORS play nicely with Spring Security but it's not complying. I made the changes described in this article and changing this line in applicationContext-security.xml has got POST and GET requests working for my app (temporarily exposes controller methods, so I can test CORS):

                  • Before: <intercept-url pattern="/**" access="isAuthenticated()"/>
                  • After: <intercept-url pattern="/**" access="permitAll"/>

                  Unfortunately the following URL which allows Spring Security logins through AJAX isn't responding: http://localhost:8080/mutopia-server/resources/j_spring_security_check. I am making the AJAX request from http://localhost:80 to http://localhost:8080.

                  When attempting to access j_spring_security_check I get (pending) in Chrome for the OPTIONS preflight request and AJAX call returns with HTTP status code 0 and message "error".

                  The preflight succeeds with HTTP status code 302 and I still get the error callback for my AJAX request directly afterwards with HTTP status 0 and message "error".

                  function get(url, json) {
                      var args = {
                          type: 'GET',
                          url: url,
                          // async: false,
                          // crossDomain: true,
                          xhrFields: {
                              withCredentials: false
                          },
                          success: function(response) {
                              console.debug(url, response);
                          },
                          error: function(xhr) {
                              console.error(url, xhr.status, xhr.statusText);
                          }
                      };
                      if (json) {
                          args.contentType = 'application/json'
                      }
                      $.ajax(args);
                  }
                  
                  function post(url, json, data, dataEncode) {
                      var args = {
                          type: 'POST',
                          url: url,
                          // async: false,
                          crossDomain: true,
                          xhrFields: {
                              withCredentials: false
                          },
                          beforeSend: function(xhr){
                              // This is always added by default
                              // Ignoring this prevents preflight - but expects browser to follow 302 location change
                              xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
                              xhr.setRequestHeader("X-Ajax-call", "true");
                          },
                          success: function(data, textStatus, xhr) {
                              // var location = xhr.getResponseHeader('Location');
                              console.error('success', url, xhr.getAllResponseHeaders());
                          },
                          error: function(xhr) {
                              console.error(url, xhr.status, xhr.statusText);
                              console.error('fail', url, xhr.getAllResponseHeaders());
                          }
                      }
                      if (json) {
                          args.contentType = 'application/json'
                      }
                      if (typeof data != 'undefined') {
                          // Send JSON raw in the body
                          args.data = dataEncode ? JSON.stringify(data) : data;
                      }
                      console.debug('args', args);
                      $.ajax(args);
                  }
                  
                  var loginJSON = {"j_username": "username", "j_password": "password"};
                  
                  // Fails
                  post('http://localhost:8080/mutopia-server/resources/j_spring_security_check', false, loginJSON, false);
                  
                  // Works
                  post('http://localhost/mutopia-server/resources/j_spring_security_check', false, loginJSON, false);
                  
                  // Works
                  get('http://localhost:8080/mutopia-server/landuses?projectId=6', true);
                  
                  // Works
                  post('http://localhost:8080/mutopia-server/params', true, {
                      "name": "testing",
                      "local": false,
                      "generated": false,
                      "project": 6
                  }, true);
                  

                  Please note - I can POST to any other URL in my app via CORS except the Spring Security login. I've gone through lots of articles, so any insight into this strange issue would be greatly appreciated.

                  Recommended answer

                  I was able to do this by extending UsernamePasswordAuthenticationFilter... my code is in Groovy, hope that's OK:

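                  import javax.servlet.http.HttpServletRequest
                  import javax.servlet.http.HttpServletResponse
                  import org.springframework.security.core.Authentication
                  import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

                  public class CorsAwareAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
                      static final String ORIGIN = 'Origin'

                      @Override
                      public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response){
                          // Only add CORS headers when the request carries an Origin header
                          if (request.getHeader(ORIGIN)) {
                              // The Origin value is echoed back as-is in this simplified version
                              String origin = request.getHeader(ORIGIN)
                              response.addHeader('Access-Control-Allow-Origin', origin)
                              response.addHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE')
                              response.addHeader('Access-Control-Allow-Credentials', 'true')
                              response.addHeader('Access-Control-Allow-Headers',
                                      request.getHeader('Access-Control-Request-Headers'))
                          }
                          // Answer the pre-flight OPTIONS request with a non-empty 200 response and stop
                          if (request.method == 'OPTIONS') {
                              response.writer.print('OK')
                              response.writer.flush()
                              // null means no authentication was attempted for this request
                              return null
                          }
                          return super.attemptAuthentication(request, response)
                      }
                  }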
                  

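                  The important bits above:

                  • Only add CORS headers to the response if a CORS request is detected
                  • Respond to the pre-flight OPTIONS request with a simple non-empty 200 response, which also contains the CORS headers.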

                  You need to declare this bean in your Spring configuration. There are many articles showing how to do this so I won't copy that here.

                  In my own implementation I use an origin domain whitelist as I am allowing CORS for internal developer access only. The above is a simplified version of what I am doing so may need tweaking but this should give you the general idea.
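
                  The origin allowlist the answer mentions, sketched as an added example (not the answerer's code and not part of the original post): a JDK-only helper that returns the CORS headers to emit only for an exactly matching origin, instead of echoing the `Origin` and `Access-Control-Request-Headers` values. The class name, allowlist entries and sample origins are assumptions constructed for illustration; `Set.of` needs Java 9 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.*;
import java.util.stream.Collectors;

public class CorsOriginAllowlist {
    // Constructed allowlist: exact scheme://host[:port] values, as a browser serialises Origin.
    static final Set<String> ORIGINS = Set.of("http://localhost", "http://localhost:3000");
    // Request headers the endpoints accept (lower-cased; assumed for this example).
    static final Set<String> HEADERS = Set.of("content-type", "x-requested-with", "x-ajax-call");

    /** Canonical origin, or null when the value is not a bare scheme://host[:port]. */
    static String normalize(String origin) {
        try {
            URI u = new URI(origin);
            boolean bare = u.getScheme() != null && u.getHost() != null && u.getUserInfo() == null
                    && u.getRawPath().isEmpty() && u.getRawQuery() == null && u.getRawFragment() == null;
            if (!bare) return null;
            String s = (u.getScheme() + "://" + u.getHost()).toLowerCase(Locale.ROOT);
            return u.getPort() == -1 ? s : s + ":" + u.getPort();
        } catch (URISyntaxException e) { return null; }
    }

    /** Headers a filter may add for this request; empty when the origin is not allowlisted. */
    static Map<String, String> corsHeaders(String origin, String requestedHeaders) {
        Map<String, String> out = new LinkedHashMap<>();
        String canonical = origin == null ? null : normalize(origin);
        if (canonical == null || !ORIGINS.contains(canonical)) return out; // emit nothing
        out.put("Access-Control-Allow-Origin", canonical);
        out.put("Access-Control-Allow-Credentials", "true");
        out.put("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        out.put("Vary", "Origin"); // keep caches from reusing this response for another origin
        if (requestedHeaders != null) {
            String allowed = Arrays.stream(requestedHeaders.split(","))
                    .map(h -> h.trim().toLowerCase(Locale.ROOT))
                    .filter(HEADERS::contains)
                    .collect(Collectors.joining(", "));
            if (!allowed.isEmpty()) out.put("Access-Control-Allow-Headers", allowed);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed Origin values: the first is allowlisted, the other three must be refused.
        for (String o : new String[] {"http://localhost", "http://localhost.evil.example",
                "http://localhost@evil.example", "null"}) {
            System.out.println(o + " -> " + corsHeaders(o, "X-Ajax-call, X-Other"));
        }
    }
}
```

                  In a filter like the one above, each entry of the returned map would be passed to `response.addHeader`, and an empty map means the response carries no CORS headers at all.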
