From fe3da55cd2977da50f58845c4241220251f9b3d2 Mon Sep 17 00:00:00 2001 From: Coolance Date: Sat, 13 Dec 2025 17:45:24 +0800 Subject: [PATCH] =?UTF-8?q?=E7=AE=80=E5=8C=96CorsFilter=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../framework/config/ResourcesConfig.java | 22 --------------- .../framework/config/SecurityConfig.java | 28 +++++++++++++------ 2 files changed, 20 insertions(+), 30 deletions(-) diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java index 12d354946..c1c6819e0 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java @@ -47,26 +47,4 @@ public class ResourcesConfig implements WebMvcConfigurer { registry.addInterceptor(repeatSubmitInterceptor).addPathPatterns("/**"); } - - /** - * 跨域配置 - */ - @Bean - public CorsFilter corsFilter() - { - CorsConfiguration config = new CorsConfiguration(); - // 设置访问源地址 - config.addAllowedOriginPattern("*"); - // 设置访问源请求头 - config.addAllowedHeader("*"); - // 设置访问源请求方法 - config.addAllowedMethod("*"); - // 有效期 1800秒 - config.setMaxAge(1800L); - // 添加映射路径,拦截一切请求 - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/**", config); - // 返回新的CorsFilter - return new CorsFilter(source); - } } \ No newline at end of file diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java index 4dd975dfe..a9ca9abb1 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java @@ -13,12 +13,18 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.logout.LogoutFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; import com.ruoyi.framework.config.properties.PermitAllUrlProperties; import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter; import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl; import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; +import java.time.Duration; +import java.util.List; + /** * spring security配置 * @@ -45,12 +51,6 @@ public class SecurityConfig */ @Autowired private JwtAuthenticationTokenFilter authenticationTokenFilter; - - /** - * 跨域过滤器 - */ - @Autowired - private CorsFilter corsFilter; /** * 允许匿名访问的地址 @@ -112,8 +112,7 @@ public class SecurityConfig // 添加JWT filter .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class) // 添加CORS filter - .addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class) - .addFilterBefore(corsFilter, LogoutFilter.class) + .cors(cors -> cors.configurationSource(corsConfigurationSource())) .build(); } @@ -125,4 +124,17 @@ public class SecurityConfig { return new BCryptPasswordEncoder(); } + + @Bean + CorsConfigurationSource corsConfigurationSource() { + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowCredentials(true); + configuration.setAllowedOrigins(List.of("*")); + configuration.setAllowedMethods(List.of("*")); + configuration.setAllowedHeaders(List.of("*")); + configuration.setMaxAge(Duration.ofMinutes(30L)); + source.registerCorsConfiguration("/**", configuration); + return source; + } }