diff --git a/service-configuration/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java b/service-configuration/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java index 423af7b..4ced1e5 100644 --- a/service-configuration/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java +++ b/service-configuration/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java @@ -2,11 +2,15 @@ package com.lanyuanxiaoyao.service.configuration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +import org.springframework.web.filter.CorsFilter; /** * Spring Security Config @@ -25,6 +29,19 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { this.securityProperties = securityProperties; } + @Bean + public CorsFilter corsFilter() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowCredentials(true); + configuration.addAllowedOriginPattern("*"); + configuration.addAllowedHeader("*"); + configuration.addAllowedMethod("*"); + configuration.setMaxAge(7200L); + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return new CorsFilter(source); + } + @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeHttpRequests() @@ -36,7 +53,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .csrf() .disable() .cors() - .disable() + .and() .formLogin() .disable(); } diff --git a/service-gateway/src/main/java/com/lanyuanxiaoyao/service/gateway/configuration/SecurityConfiguration.java b/service-gateway/src/main/java/com/lanyuanxiaoyao/service/gateway/configuration/SecurityConfiguration.java index d7449a2..c3f0066 100644 --- a/service-gateway/src/main/java/com/lanyuanxiaoyao/service/gateway/configuration/SecurityConfiguration.java +++ b/service-gateway/src/main/java/com/lanyuanxiaoyao/service/gateway/configuration/SecurityConfiguration.java @@ -10,7 +10,7 @@ import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.web.cors.CorsConfiguration; -import org.springframework.web.cors.reactive.CorsConfigurationSource; +import org.springframework.web.cors.reactive.CorsWebFilter; import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource; /** @@ -33,22 +33,23 @@ public class SecurityConfiguration { .httpBasic() .disable() .cors() - .configurationSource(corsConfigurationSource()) .and() .csrf() .disable() .build(); } - private CorsConfigurationSource corsConfigurationSource() { + @Bean + public CorsWebFilter corsWebFilter() { CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowCredentials(true); configuration.addAllowedHeader("*"); configuration.addAllowedMethod("*"); configuration.addAllowedOriginPattern("*"); + configuration.setMaxAge(7200L); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); - return source; + return new CorsWebFilter(source); } @Bean