Skip to content

Spring 中文文档社区
Spring 中文文档社区

元存储 / Spring 中文文档社区
与 Fork 源项目一致

Fork自 开发云 / Spring 中文文档社区

通知 1
Star 1
Fork 0
Spring 中文文档社区
Spring 中文文档社区

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
623.20a56d61.js 5.0 KB
Newer Older
茶陵後's avatar
#1 静态文件复制  
茶陵後 已提交
1 
(window.webpackJsonp=window.webpackJsonp||[]).push([[623],{1054:function(t,r,n){"use strict";n.r(r);var e=n(56),o=Object(e.a)({},(function(){var t=this,r=t.$createElement,n=t._self._c||r;return n("ContentSlotsDistributor",{attrs:{"slot-key":t.$parent.slotKey}},[n("h1",{attrs:{id:"cors"}},[n("a",{staticClass:"header-anchor",attrs:{href:"#cors"}},[t._v("#")]),t._v(" CORS")]),t._v(" "),n("p",[t._v("Spring Framework提供"),n("a",{attrs:{href:"https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#mvc-cors",target:"_blank",rel:"noopener noreferrer"}},[t._v("CORS的一流支持"),n("OutboundLink")],1),t._v("。CORS必须在 Spring 安全性之前进行处理,因为飞行前请求将不包含任何cookie(即"),n("code",[t._v("JSESSIONID")]),t._v(")。如果请求不包含任何cookie并且 Spring 安全性是第一位的,则该请求将确定用户未经过身份验证(因为在该请求中没有cookie)并拒绝它。")]),t._v(" "),n("p",[t._v("确保先处理CORS的最简单方法是使用"),n("code",[t._v("CorsFilter")]),t._v("。用户可以通过以下方式提供"),n("code",[t._v("CorsConfigurationSource")]),t._v(",将"),n("code",[t._v("CorsFilter")]),t._v("与 Spring 安全性集成在一起:")]),t._v(" "),n("p",[t._v("Java")]),t._v(" "),n("div",{staticClass:"language- extra-class"},[n("pre",{pre:!0,attrs:{class:"language-text"}},[n("code",[t._v('@EnableWebSecurity\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {\n\n\t@Override\n\tprotected void configure(HttpSecurity http) throws Exception {\n\t\thttp\n\t\t\t// by default uses a Bean by the name of corsConfigurationSource\n\t\t\t.cors(withDefaults())\n\t\t\t...\n\t}\n\n\t@Bean\n\tCorsConfigurationSource corsConfigurationSource() {\n\t\tCorsConfiguration configuration = new CorsConfiguration();\n\t\tconfiguration.setAllowedOrigins(Arrays.asList("https://example.com"));\n\t\tconfiguration.setAllowedMethods(Arrays.asList("GET","POST"));\n\t\tUrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();\n\t\tsource.registerCorsConfiguration("/**", configuration);\n\t\treturn source;\n\t}\n}\n')])])]),n("p",[t._v("Kotlin")]),t._v(" "),n("div",{staticClass:"language- extra-class"},[n("pre",{pre:!0,attrs:{class:"language-text"}},[n("code",[t._v('@EnableWebSecurity\nopen class WebSecurityConfig : WebSecurityConfigurerAdapter() {\n    override fun configure(http: HttpSecurity) {\n        http {\n            // by default uses a Bean by the name of corsConfigurationSource\n            cors { }\n            // ...\n        }\n    }\n\n    @Bean\n    open fun corsConfigurationSource(): CorsConfigurationSource {\n        val configuration = CorsConfiguration()\n        configuration.allowedOrigins = listOf("https://example.com")\n        configuration.allowedMethods = listOf("GET", "POST")\n        val source = UrlBasedCorsConfigurationSource()\n        source.registerCorsConfiguration("/**", configuration)\n        return source\n    }\n}\n')])])]),n("p",[t._v("或在XML中")]),t._v(" "),n("div",{staticClass:"language- extra-class"},[n("pre",{pre:!0,attrs:{class:"language-text"}},[n("code",[t._v('<http>\n\t<cors configuration-source-ref="corsSource"/>\n\t...\n</http>\n<b:bean id="corsSource" class="org.springframework.web.cors.UrlBasedCorsConfigurationSource">\n\t...\n</b:bean>\n')])])]),n("p",[t._v("如果使用 Spring MVC的CORS支持,则可以省略指定"),n("code",[t._v("CorsConfigurationSource")]),t._v(",并且 Spring Security将利用提供给 Spring MVC的CORS配置。")]),t._v(" "),n("p",[t._v("Java")]),t._v(" "),n("div",{staticClass:"language- extra-class"},[n("pre",{pre:!0,attrs:{class:"language-text"}},[n("code",[t._v("@EnableWebSecurity\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {\n\n\t@Override\n\tprotected void configure(HttpSecurity http) throws Exception {\n\t\thttp\n\t\t\t// if Spring MVC is on classpath and no CorsConfigurationSource is provided,\n\t\t\t// Spring Security will use CORS configuration provided to Spring MVC\n\t\t\t.cors(withDefaults())\n\t\t\t...\n\t}\n}\n")])])]),n("p",[t._v("Kotlin")]),t._v(" "),n("div",{staticClass:"language- extra-class"},[n("pre",{pre:!0,attrs:{class:"language-text"}},[n("code",[t._v("@EnableWebSecurity\nopen class WebSecurityConfig : WebSecurityConfigurerAdapter() {\n    override fun configure(http: HttpSecurity) {\n        http {\n            // if Spring MVC is on classpath and no CorsConfigurationSource is provided,\n            // Spring Security will use CORS configuration provided to Spring MVC\n            cors { }\n            // ...\n        }\n    }\n}\n")])])]),n("p",[t._v("或在XML中")]),t._v(" "),n("div",{staticClass:"language- extra-class"},[n("pre",{pre:!0,attrs:{class:"language-text"}},[n("code",[t._v("<http>\n\t\x3c!-- Default to Spring MVC's CORS configuration --\x3e\n\t<cors />\n\t...\n</http>\n")])])]),n("p",[n("RouterLink",{attrs:{to:"/spring-security/websocket.html"}},[t._v("WebSocket")]),n("RouterLink",{attrs:{to:"/spring-security/jsp-taglibs.html"}},[t._v("JSP Taglib")])],1)])}),[],!1,null,null,null);r.default=o.exports}}]);