Spring启动时带有oAuth2 CORS问题的Spring Security

Question

我是弹簧靴的新手。我已经使用 oAuth2 实现了 Spring Security，并从 Spring Security 成功获取了访问令牌。但是当我尝试使用带有“授权”标头的令牌请求时..

config.headers["Authorization"] = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';

我的CORS 过滤器如下：

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RequestFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

            HttpServletResponse response = (HttpServletResponse) res;
            HttpServletRequest request = (HttpServletRequest) req;
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT,DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            if (request.getMethod()!="OPTIONS") {
                chain.doFilter(req, res);
            } else {
            }
    }

    @Override
    public void destroy() {
    }
}

但它仍然存在 CORS 问题。

请帮助我哪里错了。

Answer 1

问题解决。我以错误的方式发送令牌

config.headers["Authorization"] = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';

正确的方法是：

config.headers.authorization = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';

Answer 2

尝试像这样设置您的 Access-Control-Allow-Headers：

response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Authorization, Content-Type");