Spring Boot @Crossorigin注释不起作用
我正在使用弹簧2.6.6,而ReactJ则用于前端。我有一个使用REST控制器暴露的端口端点,但是当API
下面调用时,我正在给出CORS错误,如下所示,REST控制器
@RestController
@CrossOrigin(origins = "http://localhost:3000", allowedHeaders = "*")
@RequestMapping("/image")
public class ImageUpload {
@Autowired
private ExtractData extractData;
@Autowired
private Gson gson;
@PostMapping("/extract")
public Map<String, ArrayList<String>> upload(
@RequestParam(value = "image") MultipartFile image,
@RequestParam(value = "selectedOptions") String selectedOptions
) throws IOException, TesseractException {
Map<String, Boolean> selectedOptionsMap = gson.fromJson(selectedOptions, Map.class);
byte[] imageData = image.getBytes();
ByteArrayInputStream bais = new ByteArrayInputStream(imageData);
try {
BufferedImage bufferedImage = ImageIO.read(bais);
Map<String, ArrayList<String>> resultSet = new HashMap<String, ArrayList<String>>();
resultSet = extractData.extractData(selectedOptionsMap, bufferedImage);
return resultSet;
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
还实现了WebMvcconFigurer,但这也没有工作:
@Configuration
@EnableWebMvc
public class WebMvcConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/image/**")
.allowedOrigins("http://localhost:3000")
.allowedMethods("GET", "POST")
.allowedHeaders("*")
.allowCredentials(false).maxAge(3600);
}
}
我的安全配置类
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService myUserDetailsService;
@Autowired
private JwtRequestFilter jwtRequestFilter;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests().antMatchers("/authenticate").permitAll()
.anyRequest().authenticated()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
请求标头:
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Content-Length: 110239
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryX8BGweBFqsM2R7hy
Host: localhost:8080
Origin: http://localhost:3000
Referer: http://localhost:3000/
sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36
响应标头:
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Sun, 03 Jul 2022 13:37:57 GMT
Expires: 0
Keep-Alive: timeout=60
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
也添加添加CORS过滤器实现不起作用
I am using Spring 2.6.6 and Reactjs for frontend. I have a POST endpoint exposed using a rest controller but is is giving CORS error when api is called
Below is the rest controller
@RestController
@CrossOrigin(origins = "http://localhost:3000", allowedHeaders = "*")
@RequestMapping("/image")
public class ImageUpload {
@Autowired
private ExtractData extractData;
@Autowired
private Gson gson;
@PostMapping("/extract")
public Map<String, ArrayList<String>> upload(
@RequestParam(value = "image") MultipartFile image,
@RequestParam(value = "selectedOptions") String selectedOptions
) throws IOException, TesseractException {
Map<String, Boolean> selectedOptionsMap = gson.fromJson(selectedOptions, Map.class);
byte[] imageData = image.getBytes();
ByteArrayInputStream bais = new ByteArrayInputStream(imageData);
try {
BufferedImage bufferedImage = ImageIO.read(bais);
Map<String, ArrayList<String>> resultSet = new HashMap<String, ArrayList<String>>();
resultSet = extractData.extractData(selectedOptionsMap, bufferedImage);
return resultSet;
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
Also implemented WebMvcConfigurer as follows but this also didn't work:
@Configuration
@EnableWebMvc
public class WebMvcConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/image/**")
.allowedOrigins("http://localhost:3000")
.allowedMethods("GET", "POST")
.allowedHeaders("*")
.allowCredentials(false).maxAge(3600);
}
}
My security configuration class
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService myUserDetailsService;
@Autowired
private JwtRequestFilter jwtRequestFilter;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests().antMatchers("/authenticate").permitAll()
.anyRequest().authenticated()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
Request headers:
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Content-Length: 110239
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryX8BGweBFqsM2R7hy
Host: localhost:8080
Origin: http://localhost:3000
Referer: http://localhost:3000/
sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36
Response headers:
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Sun, 03 Jul 2022 13:37:57 GMT
Expires: 0
Keep-Alive: timeout=60
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Also adding CORS filter implementation did not work
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我在安全配置中缺少http.cors()
更改配置方法如下以下解决问题
I was missing http.cors() in the security configuration
Changing the configure method as follows solved the problem