我创建了一个Vue-Spring登录API,看起来是正确的。
AuthForm.vue
methods: {
try_auth() {
if (this.check()) {
axios.post('http://localhost:8080/api/login', {
params: {
login: this.usr.login,
password: this.usr.password
}
});
}
},
}字符串
LoginController.java:
@RestController
@RequestMapping("/api")
@CrossOrigin("http://localhost:8081")
public class LoginContoller {
@RequestMapping(method = RequestMethod.POST, path="/login")
public ResponseEntity<String> handleLoginRequest(@RequestParam String login, @RequestParam String password) {
return ResponseEntity.ok("Authentication successful: " + login + " " + password);
}
}型
SecurityConfig.java:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedHeaders(List.of("Authorization", "Cache-Control", "Content-Type"));
corsConfiguration.setAllowedOrigins(List.of("*"));
corsConfiguration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PUT","OPTIONS","PATCH", "DELETE"));
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setExposedHeaders(List.of("Authorization"));
http.cors(Customizer.withDefaults())
.authorizeHttpRequests((authorizeRequests) ->
authorizeRequests
.requestMatchers("/**").hasRole("USER")
)
.formLogin((formLogin) ->
formLogin
.loginPage("/login")
.defaultSuccessUrl("/main")
.permitAll()
);
return http.build();
}
@Bean
public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
UserDetails user =
User.builder()
.username("user")
.password(passwordEncoder.encode("password"))
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}型
然而,当我尝试执行try_auth()方法时,我在控制台中得到了x1c 0d1x。我实现错了什么?Vue项目部署在8081端口,Tomcat运行在8080端口,我的问题和CORS issue - No 'Access-Control-Allow-Origin' header is present on the requested resource不同,因为这个方案不适合我,我仍然得到403错误,不知道如何修复它。我的LoginController可能被错误地使用。所以,这是我修复后的代码:LoginController没有改变。前端的Axios也没有改变。SecurityConfig:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.cors(withDefaults())
.authorizeHttpRequests((authorizeRequests) ->
authorizeRequests
.requestMatchers("/**").hasRole("USER")
)
.formLogin((formLogin) ->
formLogin
.loginPage("/login")
.defaultSuccessUrl("/main")
.permitAll()
);
return http.build();
}
@Bean
public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
UserDetails user =
User.builder()
.username("user")
.password(passwordEncoder.encode("password"))
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(List.of("http://localhost:8081"));
configuration.setAllowedMethods(Arrays.asList("GET","POST"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}型
还有
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/api/login. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403.型
1条答案
按热度按时间lg40wkob1#
为什么出错:
http.cors在SecurityConfig.java不允许请求形式端口8081.这是Spring默认安全现象如何解决这个问题:
registry.addMapping和allowedMethods字符串
型