diff --git a/ad-platform-gateway/src/main/java/com/baiye/filter/GwCorsFilter.java b/ad-platform-gateway/src/main/java/com/baiye/filter/GwCorsFilter.java new file mode 100644 index 00000000..80b929e7 --- /dev/null +++ b/ad-platform-gateway/src/main/java/com/baiye/filter/GwCorsFilter.java @@ -0,0 +1,40 @@ +package com.baiye.filter; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.reactive.CorsWebFilter; +import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource; +import org.springframework.web.util.pattern.PathPatternParser; + +/** + * @author Enzo + * @date : 2022/1/19 + */ +@Configuration +public class GwCorsFilter { + + @Bean + public CorsWebFilter corsFilter() { + CorsConfiguration config = new CorsConfiguration(); + // 允许cookies跨域 + config.setAllowCredentials(true); + // #允许向该服务器提交请求的URI,*表示全部允许,在SpringMVC中,如果设成*,会自动转成当前请求头中的Origin + config.addAllowedOrigin("*"); + // #允许访问的头信息,*表示全部 + config.addAllowedHeader("*"); + // 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了 + config.setMaxAge(18000L); + //允许的方法 可设置* 即允许全部http请求方法类型 + config.addAllowedMethod("OPTIONS"); + config.addAllowedMethod("HEAD"); + config.addAllowedMethod("GET"); + config.addAllowedMethod("PUT"); + config.addAllowedMethod("POST"); + config.addAllowedMethod("DELETE"); + config.addAllowedMethod("PATCH"); + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser()); + source.registerCorsConfiguration("/**", config); + return new CorsWebFilter(source); + } +} diff --git a/manage/ad-platform-management/src/main/java/com/baiye/config/ConfigurerAdapter.java b/manage/ad-platform-management/src/main/java/com/baiye/config/ConfigurerAdapter.java index dbd60dd8..fa5136ea 100644 --- a/manage/ad-platform-management/src/main/java/com/baiye/config/ConfigurerAdapter.java +++ b/manage/ad-platform-management/src/main/java/com/baiye/config/ConfigurerAdapter.java @@ -16,11 +16,7 @@ package com.baiye.config; import com.baiye.config.properties.FileProperties; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.web.cors.CorsConfiguration; -import org.springframework.web.cors.UrlBasedCorsConfigurationSource; -import org.springframework.web.filter.CorsFilter; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @@ -42,7 +38,7 @@ public class ConfigurerAdapter implements WebMvcConfigurer { this.properties = properties; } - @Bean + /* @Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); @@ -52,7 +48,7 @@ public class ConfigurerAdapter implements WebMvcConfigurer { config.addAllowedMethod("*"); source.registerCorsConfiguration("/**", config); return new CorsFilter(source); - } + }*/ @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { diff --git a/manage/ad-platform-management/src/main/java/com/baiye/modules/security/config/SpringSecurityConfig.java b/manage/ad-platform-management/src/main/java/com/baiye/modules/security/config/SpringSecurityConfig.java index 1577c88b..b17e37ac 100644 --- a/manage/ad-platform-management/src/main/java/com/baiye/modules/security/config/SpringSecurityConfig.java +++ b/manage/ad-platform-management/src/main/java/com/baiye/modules/security/config/SpringSecurityConfig.java @@ -21,11 +21,10 @@ import com.baiye.modules.security.security.JwtAccessDeniedHandler; import com.baiye.modules.security.security.JwtAuthenticationEntryPoint; import com.baiye.modules.security.security.TokenConfigurer; import com.baiye.modules.security.service.OnlineUserService; -import com.baiye.service.UserCacheClean; import com.baiye.properties.SecurityProperties; import com.baiye.security.TokenProvider; +import com.baiye.service.UserCacheClean; import lombok.RequiredArgsConstructor; - import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -39,9 +38,7 @@ import org.springframework.security.config.core.GrantedAuthorityDefaults; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.filter.CorsFilter; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.mvc.method.RequestMappingInfo; import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; @@ -58,7 +55,6 @@ import java.util.*; public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { private final TokenProvider tokenProvider; - private final CorsFilter corsFilter; private final JwtAuthenticationEntryPoint authenticationErrorHandler; private final JwtAccessDeniedHandler jwtAccessDeniedHandler; private final ApplicationContext applicationContext; @@ -88,7 +84,6 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { httpSecurity // 禁用 CSRF .csrf().disable() - .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class) // 授权异常 .exceptionHandling() .authenticationEntryPoint(authenticationErrorHandler)