Disable Spring Security for OPTIONS Http Method

前端未结

关注

 6  2464

自闭症患者 2020-11-27 13:37

Is it possible to disable Spring Security for a type of HTTP Method?

We have a Spring REST application with services that require Authorization token to be attached

6条回答

旧巷少年郎 (楼主)

2020-11-27 14:25

If you're using annotation-based security config then you should add spring's CorsFilter to the application context by calling .cors() in your config, something like this:

@Override
protected void configure(HttpSecurity http) throws Exception
{
     http
    .csrf().disable()
    .authorizeRequests()
      .antMatchers("/resources/**").permitAll()
      .anyRequest().authenticated()
    .and()
    .formLogin()
    .and()
    .httpBasic()
    .and()
    .cors();
}

0 讨论(0)

查看其它6个回答