我将Vaadin应用程序更新到Sping Boot 3,现在我在启动时收到以下警告
Cache miss for REQUEST dispatch to '/ui/login' (previous null). Performing CorsConfiguration lookup. This is logged once only at WARN level, and every time at TRACE.字符串
通过添加以下Bean,错误消失:
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("https://test.com"));
configuration.setAllowedMethods(Arrays.asList("*"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}型
这个Bean的消息是不正确的,但是我不确定它是否正确。我读了很多关于CORS的文章,但是不太了解它的细节。也许有人可以帮助我或者告诉我如何正确处理它。
这是我的WebSecurityConfig:
@Configuration
@EnableWebSecurity
public class TestWebSecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((requests) -> {
requests.requestMatchers(AntPathRequestMatcher.antMatcher(MAPPING + "**")).hasAuthority("abc");
requests.anyRequest().permitAll();
});
http.httpBasic(Customizer.withDefaults());
http.csrf((customizer) -> customizer.disable());
http.headers((customizer) -> customizer.disable());
return http.build();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("xyz")
.password("xyz")
.authorities("abc");
}
}型
先谢谢你了!
1条答案
按热度按时间643ylb081#
这是自Sping Boot 3.2.0以来的已知行为,因为Spring Framework更改描述了here。该修复已经在Spring Security中包含implement,并将在今年12月晚些时候包含在Sping Boot 3.2.1中。