Я изучаю Spring Boot и столкнулся с простой проблемой. Я получаю ошибку CORS при использовании Spring Boot 3 и Spring Security с аутентификацией JWT, когда вызываю API аутентификации из приложения Angular. Конечная точка /authentication/login защищена.
Spring Boot: 3.3.2
Spring Security: 6.3.1
SecurityConfiguration.java
package br.com.piscium.configs;
import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfiguration {
...
/**
 * Assembles the stateless security filter chain for the API.
 *
 * <p>CORS handling is delegated to the source returned by
 * {@code corsConfigurationSource()}, CSRF protection is switched off, no HTTP
 * session is created, and {@code jwtAuthenticationFilter} is placed ahead of
 * {@link UsernamePasswordAuthenticationFilter}.
 *
 * @param http the builder supplied by Spring Security
 * @return the built filter chain
 * @throws Exception if the chain cannot be built
 */
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    // Spring Security's CorsFilter answers preflight requests from this source
    // before the authorization rules below are consulted.
    http.cors(cors -> cors.configurationSource(corsConfigurationSource()));

    // CSRF protection is off. That fits a token sent in a request header.
    // NOTE(review): the CORS bean enables credentials; if the JWT ever travels
    // in a cookie, CSRF protection has to come back. Confirm how the client
    // sends the token.
    http.csrf(csrf -> csrf.disable());

    http.sessionManagement(sessions -> sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

    http.authorizeHttpRequests(rules -> {
        // Lets every OPTIONS request through unauthenticated. With the CORS
        // filter configured above, this rule is likely redundant for preflight.
        rules.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll();
        // Everything under /authentication/ is public at the URL level, not only
        // the login endpoint. NOTE(review): any endpoint under that prefix that
        // needs a logged-in user must be protected by method security; verify.
        rules.requestMatchers("/authentication/**", "/users/register").permitAll();
        rules.anyRequest().authenticated();
    });

    http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    return http.build();
}
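/**
 * Builds the CORS policy that is registered for every path ({@code /**}).
 *
 * <p>Credentials are allowed, so the allowed origins must be listed explicitly.
 * Browsers refuse a wildcard {@code Access-Control-Allow-Origin} on credentialed
 * requests, and {@code CorsConfiguration} throws an
 * {@code IllegalArgumentException} when {@code allowCredentials} is {@code true}
 * and the allowed origins contain {@code "*"}. The wildcard origin this method
 * used before is therefore replaced by an explicit list.
 *
 * <p>{@code setAllowedOriginPatterns} is the supported way to match a family of
 * origins, but a pattern that matches everything would again let any site send
 * credentialed requests, so keep the list as narrow as the deployment allows.
 *
 * @return a source that applies the same configuration to all request paths
 */
@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration corsConfig = new CorsConfiguration();
    // Seeds the defaults (GET/HEAD/POST, all headers, max age) before the
    // explicit settings below narrow or extend them.
    corsConfig.applyPermitDefaultValues();
    corsConfig.setAllowCredentials(true);
    corsConfig.addAllowedMethod("GET");
    corsConfig.addAllowedMethod("PATCH");
    corsConfig.addAllowedMethod("POST");
    corsConfig.addAllowedMethod("OPTIONS");
    // Constructed example value (the Angular dev-server default origin).
    // Replace it with the real front-end origin(s), ideally from configuration.
    corsConfig.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
    corsConfig.setAllowedHeaders(Arrays.asList("*"));

    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", corsConfig);
    return source;
}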
}
package br.com.piscium.controllers;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import br.com.piscium.dtos.LoginCredentialsDTO;
import br.com.piscium.dtos.LoginResponseDTO;
import br.com.piscium.dtos.UserInformationResponseDTO;
import br.com.piscium.entities.User;
import br.com.piscium.services.AuthenticationService;
import br.com.piscium.utils.JwtTokenUtils;
import jakarta.servlet.http.HttpServletRequest;
@CrossOrigin
@RestController
@RequestMapping("authentication")
public class AuthenticationController {
...
/**
 * Authenticates the posted credentials and responds with a newly generated JWT.
 *
 * @param loginCredentialsDTO credentials read from the request body
 * @return HTTP 200 whose body carries the token and the expiration value
 *     reported by {@code jwtTokenUtils}
 */
@PostMapping("login")
public ResponseEntity<?> login(@RequestBody LoginCredentialsDTO loginCredentialsDTO) {
    // NOTE(review): the failure path is not visible here. Presumably
    // authenticate() throws on bad credentials; confirm that the resulting
    // error response does not reveal whether the account exists.
    final String issuedToken =
            jwtTokenUtils.generateToken(authenticationService.authenticate(loginCredentialsDTO));

    // The token is a bearer credential: keep it and the request DTO out of logs.
    final LoginResponseDTO payload = new LoginResponseDTO();
    payload.setToken(issuedToken);
    payload.setExpiresIn(jwtTokenUtils.getExpirationTime());
    return ResponseEntity.ok(payload);
}
...
}
I read some posts here on SO and Reddit and changed some things, but I'm still getting an error with this simple thing. Could anyone help me?
Азарий
Вопрос задан 18 марта 2024 г.