Ошибка Cors в Spring Boot 3 с Spring Security и аутентификацией JWT

Java Spring Spring-Boot Spring-Mvc Spring-Security
1
6

Я изучаю Spring boot и столкнулся с простой проблемой. Я получаю ошибку cors при использовании Spring Boot 3 и Spring Security с аутентификацией JWT и вызове API аутентификации из приложения Angular. Конечная точка /authentication/login защищена.

Spring Boot: 3.3.2

Spring Security: 6.3.1

SecurityConfiguration.java

package br.com.piscium.configs;

import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfiguration {

    ...

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .cors(c -> c.configurationSource(corsConfigurationSource()))
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                    .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                    .requestMatchers("/authentication/**", "/users/register").permitAll()
                    .anyRequest().authenticated());
            
        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        
        return http.build();
    }
    
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfig = new CorsConfiguration();
        corsConfig.applyPermitDefaultValues();
        corsConfig.setAllowCredentials(true);
        corsConfig.addAllowedMethod("GET");
        corsConfig.addAllowedMethod("PATCH");
        corsConfig.addAllowedMethod("POST");
        corsConfig.addAllowedMethod("OPTIONS");
        corsConfig.setAllowedOrigins(Arrays.asList("*"));
        corsConfig.setAllowedHeaders(Arrays.asList("*"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfig);
        return source;
    }
}


package br.com.piscium.controllers;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import br.com.piscium.dtos.LoginCredentialsDTO;
import br.com.piscium.dtos.LoginResponseDTO;
import br.com.piscium.dtos.UserInformationResponseDTO;
import br.com.piscium.entities.User;
import br.com.piscium.services.AuthenticationService;
import br.com.piscium.utils.JwtTokenUtils;
import jakarta.servlet.http.HttpServletRequest;

@CrossOrigin
@RestController
@RequestMapping("authentication")
public class AuthenticationController {

    ...

    @PostMapping("login")
    public ResponseEntity<?> login(@RequestBody LoginCredentialsDTO loginCredentialsDTO) {
        User authenticatedUser = authenticationService.authenticate(loginCredentialsDTO);
        String jwtToken = jwtTokenUtils.generateToken(authenticatedUser);

        LoginResponseDTO loginResponse = new LoginResponseDTO();
        loginResponse.setToken(jwtToken);
        loginResponse.setExpiresIn(jwtTokenUtils.getExpirationTime());

        return new ResponseEntity<>(loginResponse, HttpStatus.OK);
    }

    ...
}

I read some post here in SO and reddit, change somethigns but I'm still getting error with this simple thing, anyone could help me??
Азарий
Вопрос задан18 марта 2024 г.

1 Ответ

2
Илья
Ответ получен5 сентября 2024 г.

Ваш ответ

Загрузить файл.

При использовании материалов сайта ссылка на stackoverhow.ru обязательна.