allowedOriginPatterns IllegalArgumentException 错误

Question

我设置 SecurityConfig 设置的类。

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("HEAD");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");
        config.addAllowedMethod("PATCH");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .cors()
                .and()
                .csrf().disable()
                .exceptionHandling().authenticationEntryPoint(handler).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests()
                .antMatchers("/auth/**")
                .permitAll()
                .anyRequest().authenticated();
        httpSecurity.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}

我在哪里实现 AuthController.AuthController.java @RequestMapping("/auth")

    @PostMapping("/register")
    public ResponseEntity<String> register(@RequestBody UserRequst registerRequst){
        if (userService.getOneUserByUserName(registerRequst.getUsername())!=null)
            return new ResponseEntity<>("Username already in use.", HttpStatus.BAD_REQUEST);

        User user = new User();
        user.setUserName(registerRequst.getUsername());
        user.setPassword(passwordEncoder.encode(registerRequst.getPassword()));
        userService.userSave(user);
        return new ResponseEntity<>("user successfully registered",HttpStatus.CREATED);
    }

当我从 Postman 向 localhost:8080/auth/register 发送发布请求时，我收到此错误。我找不到原因。我是java后端的新手。我该如何解决这个错误。

java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
    at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473) ~[spring-web-5.3.8.jar:5.3.8]
    at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577) ~[spring-web-5.3.8.jar:5.3.8]
    at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174) ~[spring-web-5.3.8.jar:5.3.8]
    at org.springframework.web.cors.DefaultCorsProcessor.handleInternal(DefaultCorsProcessor.java:116) ~[spring-web-5.3.8.jar:5.3.8]

    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <java.version>1.8</java.version>
    </properties>

我使用的操作系统是 Ubuntu 21.04。

Answer 1

问题出在错误信息中

java.lang.IllegalArgumentException：当allowCredentials 为真时，allowedOrigins 不能包含特殊值“*”，因为它不能在“Access-Control-Allow-Origin”响应标头上设置。要允许一组来源的凭据，请明确列出它们或考虑改用“allowedOriginPatterns”。

由于您拥有config.setAllowCredentials(true);，因此您的config.addAllowedOrigin("*"); 必须包含一个特定的URL，该URL 是尝试访问该资源的来源。如果您正在编写基于 javascript 的前端，则可能是 http://localhost:3000。