Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java为什么我会用Swagger和OIDC得到“无法读取服务器错误”?

2 周,3 日 Questions & Answers

我通过调用另一个域上的MITREid服务器将OIDC添加到一个swagger应用程序中。我已将重定向URI设置为http://localhost:8080/swagger-ui.html当我授权我获得:

Can't read from server. It may not have the appropriate 
access-control-origin settings

错误

我的web安全配置是:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Value("${security.activation.status}")
private boolean securityActivationStatus;

@Value("${security.user.name}")
private String builtinUserName;

@Value("${security.user.password}")
private String builtinPassword;

@Autowired
private OAuth2RestTemplate restTemplate;


 */
String[] apiPath = {
        "/v2/api-docs",
        "/configuration/ui",
        "/swagger-resources",
        "/configuration/security",
        "/swagger-ui.html",
        "/webjars/**"
};
    @Override
protected void configure(HttpSecurity http) throws Exception {
    System.out.println("securityActivationStatus=" + securityActivationStatus);
    if (!securityActivationStatus)
        http.authorizeRequests().anyRequest().permitAll();

    else {
        http
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(myFilter(), OAuth2ClientContextFilter.class)
        .httpBasic().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/openid_connect_login"))
        .and()
        .authorizeRequests()
        .antMatchers(apiPath).permitAll()
        .antMatchers("/v1/**").authenticated();
    }




    http.csrf().disable();
    http.headers().frameOptions().disable();
}

@Bean
public OpenIdConnectFilter myFilter() {

    final OpenIdConnectFilter filter = new OpenIdConnectFilter("/openid_connect_login");
    filter.setRestTemplate(restTemplate);
    return filter;
}

POM包括:

<properties>
        <springfox.version>2.7.0</springfox.version>
        <swagger.version>1.5.17</swagger.version>
        <swagger2markup.version>1.3.1</swagger2markup.version>
        <!-- For CheckStyle -->
        <linkXRef>false</linkXRef>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <spring-security-oauth2.version>2.2.1.RELEASE</spring-security-oauth2.version>
        <spring-security-jwt.version>1.0.9.RELEASE</spring-security-jwt.version>
        <jwks-rsa.version>0.3.0</jwks-rsa.version>
        <mitreid-connect-version>1.3.1</mitreid-connect-version>
    </properties>

从我的研究看来,这可能与CORS有关。这听起来像是一个可能的问题,还是我的代码可能遗漏了什么?如果是CORS,你能告诉我如何分类的正确方向吗?我完全是个招摇过市的人


共 (2) 个答案

  1. # 1 楼答案

    如果它对某人有帮助,答案是/openid_connect_login是错误的uri

  2. # 2 楼答案

    启用cors:

    @Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    final HttpServletResponse response = (HttpServletResponse) res;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
    if (HttpMethod.OPTIONS.name().equalsIgnoreCase(((HttpServletRequest) req).getMethod())) {
        response.setStatus(HttpServletResponse.SC_OK);
    } else {
        chain.doFilter(req, res);
    }
}

@Override
public void destroy() {
}

@Override
public void init(FilterConfig config) throws ServletException {
}
}