我已經關閉了跨域保護,但是除了permitAll過濾掉的login相關介面以及get請求之外,所有的post請求都回傳:
{
"timestamp": 1619093866976,
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/role/insert"
}
@Configuration
@EnableWebSecurity
public class JWTSecurityConfig extends WebSecurityConfigurerAdapter {
private final JWTAuthenticationFilter jwtAuthenticationFilter;
private final JWTAuthenticationProvider jwtAuthenticationProvider;
private final WebOptionsFilter webOptionsFilter;
@Autowired
public JWTSecurityConfig(JWTAuthenticationFilter jwtAuthenticationFilter, JWTAuthenticationProvider jwtAuthenticationProvider, WebOptionsFilter webOptionsFilter) {
this.jwtAuthenticationFilter = jwtAuthenticationFilter;
this.jwtAuthenticationProvider = jwtAuthenticationProvider;
this.webOptionsFilter = webOptionsFilter;
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
public void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(jwtAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable() //關閉跨域保護
.httpBasic().disable()
.formLogin().disable()
// ReST is stateless, no sessions
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
// return 403 when not authenticated
.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint())
.and()
//跨域設定
.cors()
.configurationSource(corsConfigurationSource());
// Let child classes set up authorization paths
http.authorizeRequests()
.antMatchers("/login", "/login/check", "/login/logout").permitAll()
//swagger請求允許
.antMatchers("/v2/api-docs", "/swagger-resources/configuration/ui", "/swagger-resources",
"/swagger-ui.html", "/webjars/**", "/swagger-resources/configuration/security").permitAll()
.antMatchers("/actuator", "/actuator/health", "/info", "/error", "/dump", "/metrics",
"/env", "/refresh", "/trace", "/jolokia/", "/flyway",
"/liquibase", "/logfile").permitAll()
.anyRequest().authenticated();
//在安全驗證前添加WebFilter
http.addFilterBefore(webOptionsFilter, FilterSecurityInterceptor.class);
http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
//同源配置,*表示任何請求都視為同源,若需指定ip和埠可以改為如“localhost:8080”,多個以“,”分隔;
corsConfiguration.addAllowedOrigin("*");
//header,允許哪些header,可將*替換為token
corsConfiguration.addAllowedHeader("*");
//允許的請求方法,POST、GET等
corsConfiguration.addAllowedMethod("*");
corsConfiguration.setAllowCredentials(true);
//配置允許跨域訪問的url
((UrlBasedCorsConfigurationSource) source).registerCorsConfiguration("/**", corsConfiguration);
return source;
}
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/279097.html
標籤:Java相關
下一篇:java入門新手
