经过很多努力后,我重写了类 WebSecurityConfigurerAdapter的 configure(WebSecurity web)方法
,因为授权服务器自行配置了此方法,而我还没有找到其他解决方案。另外,您还需要允许所有“ /oauth/token”Http.Options方法。我的方法:
__
@Overridepublic void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers(HttpMethod.OPTIONS, "/oauth/token");}此后,我们需要添加cors过滤器以将Http状态设置为OK。现在我们可以感知Http.Options方法了。
@Component@Order(Ordered.HIGHEST_PRECEDENCE)@WebFilter("/*")public class CorsFilter implements Filter { public CorsFilter() { } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { final HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization"); response.setHeader("Access-Control-Max-Age", "3600"); if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) req).getMethod())) { response.setStatus(HttpServletResponse.SC_OK); } else { chain.doFilter(req, res); } } @Override public void destroy() { } @Override public void init(FilterConfig config) throws ServletException { }}
