请求的资源上没有“Access-Control-Allow-Origin”标头,响应具有HTTP状态代码401
我一直在实现Spring(4.3)Restful应用程序,它具有spring security和oauth(2)配置。 实现这些配置后,我通过邮递员测试了我的其余api调用,一切都很好,但我的客户端只是jquery或ajax。 当我试图调用oauth令牌时,它显示“请求资源上没有’Access-Control-Allow-Origin’标头。因此不允许来源’ http:// localhost:8080 ‘访问”错误,我有配置的cors也启用配置。 但我不知道我错过了哪一部分,请帮助我。 在google上提出这么多建议之后我还尝试了filter方法以及Spring安全配置方法。 但仍然得到同样的错误。
我的服务器代码
@Configuration public class WebConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH","OPTIONS")); } } =======================================
@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override @Order(Ordered.HIGHEST_PRECEDENCE) protected void configure(HttpSecurity http) throws Exception { http.cors().and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() //.csrf().disable() .authorizeRequests() .antMatchers("/register").permitAll() .antMatchers("/contact").permitAll() .antMatchers("/signup").permitAll() .antMatchers("/oauth/**").permitAll() .antMatchers(HttpMethod.OPTIONS,"*").permitAll() .anyRequest().authenticated().and() .httpBasic(); // .realmName("CRM_REALM"); }
============================================
@Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("*")); configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH","OPTIONS"))); // setAllowCredentials(true) is important, otherwise: // The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. configuration.setAllowCredentials(true); // setAllowedHeaders is important! Without it, OPTIONS preflight request // will fail with 403 Invalid CORS request configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; }
客户代码
var settings = { "async": true, "crossDomain": true, "url": "http://10.10.1.13:8080/OauthCrud/oauth/token", "method": "POST", "headers": { "authorization": "Basic b2F1dGhDcnVkOm9hdXRoU3VwZXJTZWNyZXQ=", "content-type": "application/x-www-form-urlencoded", "cache-control": "no-cache", "postman-token": "22b603e4-bf59-b722-d758-f51a1fe1a1d4" }, "data": { "username": "rama", "password": "rama", "grant_type": "password" } } $.ajax(settings).done(function (response) { console.log(response); });
错误:
