首先,我是本地起的后端工程(8080端口):
然后前端工程(8081端口)访问后端地址,报下面的跨域问题:
Access to XMLHttpRequest at 'http://localhost:8080/sso/auth/login' from origin 'http://localhost:8081' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
检查了下webconfig文件,没发现任何问题,之后发现启动日志里报了security的日志,但是工程中又没有用到security这个依赖,拦截器一般都是权限验证,大概率就是security里面有默认拦截器,才会拦截了跳登录,所以才试着去把security的依赖注释掉:
没用security就把依赖包注释掉,如果有用到的话,则到配置文件SecurityConfig.java里面,改firlwall成default模式:
package com.xmair.core.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.firewall.HttpFirewall;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/metrics/info").permitAll()
.antMatchers("/metrics/health").permitAll()
.antMatchers("/metrics/**").authenticated()
.anyRequest().permitAll()
.and().httpBasic()
.and()
.csrf().disable();
}
@Bean
public HttpFirewall httpFirewall() {
return new DefaultHttpFirewall();
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/themes/**","/script/**");
}
}
详细问题可参考以下链接:
StrictHttpFirewall (Spring Security 4.2.7.RELEASE API)
