零、背景
最近项目组准备搞前后端分离,前端使用vue框架,那么首要问题来了,如何再使用原来搭建的单点登录系统(Oauth2)。vue切换到 history 模式,在写了一套Oauth2登录的JS实现后,发现还有一个跨域的问题,无法POST获取 “/access/token”。网上找了很多方法都无效,有一个修改 WebSecurityConfigurerAdapter 的加载顺序(Order),但是会造成Oauth2无法验证凭据。最后还是通过加入一个 Filter 来解决。
一、环境
JDK1.8,Spring Boot 2.1.6.RELEASE, Spring Cloud Greenwich.SR1
二、解决方案
@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
public class FateCorsFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin","*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT, OPTIONS");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
//下面这段是关键,不加的话,返回时Ajax会提示ResponseStatus异常
if("OPTIONS".equalsIgnoreCase(request.getMethod())){
response.setStatus(HttpServletResponse.SC_OK);
}else{
chain.doFilter(req, res);
}
}
@Override
public void destroy() {}
}