修改跨域问题

3 years ago · 33698bcad9
parent 90fed17e33
commit 33698bcad9
3 changed files with 43 additions and 12 deletions
--- a/ad-platform-gateway/src/main/java/com/baiye/filter/GwCorsFilter.java
+++ b/ad-platform-gateway/src/main/java/com/baiye/filter/GwCorsFilter.java
@ -0,0 +1,40 @@
+package com.baiye.filter;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.reactive.CorsWebFilter;
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
+import org.springframework.web.util.pattern.PathPatternParser;
+
+/**
+ * @author Enzo
+ * @date : 2022/1/19
+ */
+@Configuration
+public class GwCorsFilter {
+
+    @Bean
+    public CorsWebFilter corsFilter() {
+        CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // #允许向该服务器提交请求的URI，*表示全部允许，在SpringMVC中，如果设成*，会自动转成当前请求头中的Origin
+        config.addAllowedOrigin("*");
+        // #允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        //允许的方法 可设置* 即允许全部http请求方法类型
+        config.addAllowedMethod("OPTIONS");
+        config.addAllowedMethod("HEAD");
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
+        source.registerCorsConfiguration("/**", config);
+        return new CorsWebFilter(source);
+    }
+}
--- a/manage/ad-platform-management/src/main/java/com/baiye/config/ConfigurerAdapter.java
+++ b/manage/ad-platform-management/src/main/java/com/baiye/config/ConfigurerAdapter.java
@ -16,11 +16,7 @@
 package com.baiye.config;

 import com.baiye.config.properties.FileProperties;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@ -42,7 +38,7 @@ public class ConfigurerAdapter implements WebMvcConfigurer {
        this.properties = properties;
    }

-    @Bean
+  /*  @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
@ -52,7 +48,7 @@ public class ConfigurerAdapter implements WebMvcConfigurer {
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
-    }
+    }*/

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
--- a/manage/ad-platform-management/src/main/java/com/baiye/modules/security/config/SpringSecurityConfig.java
+++ b/manage/ad-platform-management/src/main/java/com/baiye/modules/security/config/SpringSecurityConfig.java
@ -21,11 +21,10 @@ import com.baiye.modules.security.security.JwtAccessDeniedHandler;
 import com.baiye.modules.security.security.JwtAuthenticationEntryPoint;
 import com.baiye.modules.security.security.TokenConfigurer;
 import com.baiye.modules.security.service.OnlineUserService;
-import com.baiye.service.UserCacheClean;
 import com.baiye.properties.SecurityProperties;
 import com.baiye.security.TokenProvider;
+import com.baiye.service.UserCacheClean;
 import lombok.RequiredArgsConstructor;
-
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -39,9 +38,7 @@ import org.springframework.security.config.core.GrantedAuthorityDefaults;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
@ -58,7 +55,6 @@ import java.util.*;
 public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    private final TokenProvider tokenProvider;
-    private final CorsFilter corsFilter;
    private final JwtAuthenticationEntryPoint authenticationErrorHandler;
    private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
    private final ApplicationContext applicationContext;
@ -88,7 +84,6 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        httpSecurity
                // 禁用 CSRF
                .csrf().disable()
-                .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
                // 授权异常
                .exceptionHandling()
                .authenticationEntryPoint(authenticationErrorHandler)