SpringSecurity 跨域问题 Cors

在SpringBoot中只需要在Controller上添加@CrossOrigin,而在导入SpringSecurity后将会失效,所以需要我们在SpringSecurity中再进行配置

public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOrigin("*");
        configuration.addAllowedMethod("*");
        configuration.addAllowedHeader("*");
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

此外,即使我们不配置CorsConfigurationSource而仅仅配置http.cors(),加上SpringBoot的@CrossOrigin,也可以实现除了/login之外的跨域问题.

前端代码

    <script>
        axios.defaults.withCredentials=true;//一定要带登录后,springsecurity自动设定,否则无法访问受限制的网址
        const params = new URLSearchParams();//将Json请求转换为Form请求
        params.append('username', 'admin');
        params.append('password', '123');
        axios.post('http://localhost:8080/login', params)
        .then(res => console.log(res));
    </script>

参考:
https://zhuanlan.zhihu.com/p/95119912
https://www.jianshu.com/p/596157f3c93c