feat: 开启CORS资源共享，解决浏览器跨域访问限制

1ef29a03 · horizons · de915714 · 1ef29a03 · 1ef29a03 · 1ef29a03
4 changed file
--- a/src/main/java/com/youlai/system/config/CorsConfig.java
+++ b/src/main/java/com/youlai/system/config/CorsConfig.java
+package com.youlai.system.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+import java.util.Collections;
+
+/**
+ * 开启CORS资源共享
+ *
+ * @author haoxr
+ * @date 2022/10/24
+ */
+@Configuration
+public class CorsConfig {
+
+    @Bean
+    public CorsFilter corsFilter() {
+        CorsConfiguration corsConfiguration = new CorsConfiguration();
+        //1.允许任何来源
+        corsConfiguration.setAllowedOriginPatterns(Collections.singletonList("*"));
+        //2.允许任何请求头
+        corsConfiguration.addAllowedHeader(CorsConfiguration.ALL);
+        //3.允许任何方法
+        corsConfiguration.addAllowedMethod(CorsConfiguration.ALL);
+        //4.允许凭证
+        corsConfiguration.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", corsConfiguration);
+        return new CorsFilter(source);
+    }
+
+}
--- a/src/main/java/com/youlai/system/security/SecurityConfig.java
+++ b/src/main/java/com/youlai/system/security/SecurityConfig.java
-package com.youlai.system.security;
+package com.youlai.system.config;

-import com.youlai.system.security.jwt.JwtAuthenticationFilter;
+import com.youlai.system.filter.JwtAuthenticationFilter;
 import com.youlai.system.security.jwt.JwtTokenManager;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -11,7 +11,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;

--- a/src/main/java/com/youlai/system/security/jwt/JwtAuthenticationFilter.java
+++ b/src/main/java/com/youlai/system/security/jwt/JwtAuthenticationFilter.java
-package com.youlai.system.security.jwt;
+package com.youlai.system.filter;

 import cn.hutool.core.util.StrUtil;
 import com.youlai.system.common.result.ResultCode;
+import com.youlai.system.security.jwt.JwtTokenManager;
 import com.youlai.system.util.ResponseUtils;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;

 import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;

 /**
 * jwt auth token filter.
@@ -27,8 +31,11 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
    }

    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
-
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
+        if(HttpMethod.OPTIONS.matches(request.getMethod()) ){
+            chain.doFilter(request, response);
+            return;
+        }
        String jwt = resolveToken(request);
        if (StrUtil.isNotBlank(jwt) && SecurityContextHolder.getContext().getAuthentication() == null) {
            try {

--- a/src/main/resources/mapper/SysUserMapper.xml
+++ b/src/main/resources/mapper/SysUserMapper.xml
@@ -21,7 +21,7 @@
            sys_user u
            LEFT JOIN sys_dept d ON u.dept_id = d.id
            LEFT JOIN sys_user_role sur ON u.id = sur.user_id
-            LEFT JOIN sys_role r ON ur.role_id = r.id
+            LEFT JOIN sys_role r ON sur.role_id = r.id
        <where>
            u.deleted = 0
            <if test='queryParams.keywords!=null and queryParams.keywords.trim() neq ""'>