如何在Spring Boot中以Spring Security级别启用CORS

如何在Spring Boot中以Spring Security级别启用CORS

这是一种使Spring Security 4.1通过Spring BOOT 1.5支持CROS的方法

  @Configurationpublic class WebConfig extends WebMvcConfigurerAdapter {    @Override    public void addCorsMappings(CorsRegistry registry) {        registry.addMapping("/**").allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");    }}

与

@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter {    @Override    protected void configure(HttpSecurity http) throws Exception {//        http.csrf().disable();        http.cors();    }    @Bean    public CorsConfigurationSource corsConfigurationSource() {        final CorsConfiguration configuration = new CorsConfiguration();        configuration.setAllowedOrigins(ImmutableList.of("*"));        configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));        configuration.setAllowCredentials(true);        configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));        final UrlbasedCorsConfigurationSource source = new UrlbasedCorsConfigurationSource();        source.registerCorsConfiguration("/**", configuration);        return source;    }}