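0. Background
Recently our project team decided to separate the front end from the back end, with the front end built on the Vue framework. The first question was how to keep using the single sign-on system (OAuth2) we had already built. After switching Vue to history mode and writing a JavaScript implementation of the OAuth2 login, I found there was still a cross-origin problem: the POST to "/access/token" to obtain the token failed. I tried many of the methods found online and none of them worked. One of them changes the load order (Order) of WebSecurityConfigurerAdapter, but that leaves OAuth2 unable to validate credentials. In the end I solved it by adding a Filter.
1. Environment
JDK 1.8, Spring Boot 2.1.6.RELEASE, Spring Cloud Greenwich.SR1
2. Solution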
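import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;

// HIGHEST_PRECEDENCE puts this filter ahead of the Spring Security filter chain.
@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
public class FateCorsFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Browsers do not honour "*" here when the request carries credentials.
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT, OPTIONS");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "*");
        // This part is the key: without it, the Ajax call reports a ResponseStatus error on return.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            // Answer the preflight here so it never reaches the OAuth2 checks.
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void destroy() {
    }
}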