添加了Filter解决跨域问题配置:
@Component
public class SimpleCORSFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
String origin = (String) servletRequest.getRemoteHost()+":"+servletRequest.getRemotePort();
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization");
response.setHeader("Access-Control-Allow-Credentials","true");
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {}
@Override
public void init(FilterConfig filterConfig) throws ServletException {}
}
但是这个配置似乎被springsecurity给拦截了并没有成功添加上去,当我给url设置忽略权限限制时( /order/** ):
@Override
public void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/order/**").permitAll()
.anyRequest().authenticated();
http.csrf()
.disable()
.formLogin()
.loginPage("/login")
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/index")
.failureUrl("/loginError")
.permitAll();
}
此时跨域配置是可以正常生效的,但是如果删除上面的/order/**,就会出现415的跨域问题,why?