Для моего текущего проекта я использую библиотеку Spring Lemon с версией 1.0.0.RC1. Когда я делаю запрос / api / core / context, я не получаю заголовки Set-Cookie и X-XSRF-TOKEN.
Для моих более ранних проектов я использовал Spring Lemon 0.9.0, и он работал отлично, после контекстного запроса я мог установить эти параметры и сделать больше запросов. Теперь я не могу их получить, и если я сделаю какой-либо запрос, отличный от / context или / ping, я получу «Недопустимый запрос CORS» в качестве ответа.
Мой код похож на пример проекта: https://github.com/naturalprogrammer/spring-lemon/wiki/Getting-Started-With-Spring-Lemon с двумя изменениями:
- Я использую application.properties вместо yml. (Позже я хочу, чтобы он был вне пакета, и
@PropertySource работает только с .properties.)
- Я использую военную упаковку вместо банки. Я развернул его в Apache Tomcat. Итак, в application.properties я изменил
lemon.cors.allowed-origins: http://localhost:9000 на lemon.cors.allowed-origins: http://localhost:8080
Журнал после запроса контекста:
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 4 of 14 in additional filter chain; firing Filter: 'CorsFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 5 of 14 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:176 - Checking match of request : '/api/core/context'; against '/oauth2/authorization/{registrationId}'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 6 of 14 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AndRequestMatcher:66 - Trying to match using Ant [pattern='/login/oauth2/code/*']
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:176 - Checking match of request : '/api/core/context'; against '/login/oauth2/code/*'
2019-01-06 10:44:41 DEBUG AndRequestMatcher:69 - Did not match
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 7 of 14 in additional filter chain; firing Filter: 'LemonJpaTokenAuthenticationFilter'
2019-01-06 10:44:41 DEBUG LemonCommonsWebTokenAuthenticationFilter:42 - Inside LemonTokenAuthenticationFilter ...
2019-01-06 10:44:41 DEBUG LemonCommonsWebTokenAuthenticationFilter:70 - Token authentication skipped
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 8 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AntPathRequestMatcher:156 - Request 'GET /api/core/context' doesn't match 'POST /api/core/login'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-01-06 10:44:41 DEBUG AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@8a1370cd: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-01-06 10:44:41 DEBUG FilterChainProxy:328 - /api/core/context at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-01-06 10:44:41 DEBUG RequestMappingHandlerMapping:420 - Mapped to public java.util.Map<java.lang.String, java.lang.Object> com.naturalprogrammer.spring.lemon.LemonController.getContext(java.util.Optional<java.lang.Long>,javax.servlet.http.HttpServletResponse)
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /api/core/context; Attributes: [permitAll]
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@8a1370cd: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-01-06 10:44:41 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@33757a2b, returned: 1
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:243 - Authorization successful
2019-01-06 10:44:41 DEBUG FilterSecurityInterceptor:256 - RunAsManager did not change Authentication object
2019-01-06 10:44:41 DEBUG FilterChainProxy:313 - /api/core/context reached end of additional filter chain; proceeding with original chain
2019-01-06 10:44:41 DEBUG DispatcherServlet:90 - GET "/CSGOStats/api/core/context", parameters={}
2019-01-06 10:44:41 DEBUG RequestMappingHandlerMapping:420 - Mapped to public java.util.Map<java.lang.String, java.lang.Object> com.naturalprogrammer.spring.lemon.LemonController.getContext(java.util.Optional<java.lang.Long>,javax.servlet.http.HttpServletResponse)
2019-01-06 10:44:41 DEBUG OpenEntityManagerInViewInterceptor:86 - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2019-01-06 10:44:41 DEBUG LemonController:84 - Getting context
2019-01-06 10:44:41 DEBUG JpaTransactionManager:355 - Found thread-bound EntityManager [SessionImpl(631661686<open>)] for JPA transaction
2019-01-06 10:44:41 DEBUG LemonService:179 - Getting context ...
2019-01-06 10:44:41 DEBUG LemonController:86 - Returning context: {context={reCaptchaSiteKey=6LdwxRcUAAAAABkhOGWQXhl9FsR27D5YUJRuGzx0, shared={foobar=123...}}, user=null}
2019-01-06 10:44:41 DEBUG RequestResponseBodyMethodProcessor:267 - Using 'application/json;q=0.8', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8] and supported [application/json, application/*+json, application/json, application/*+json]
2019-01-06 10:44:41 DEBUG RequestResponseBodyMethodProcessor:90 - Writing [{context={reCaptchaSiteKey=6LdwxRcUAAAAABkhOGWQXhl9FsR27D5YUJRuGzx0, shared={foobar=123...}}, user=null}]
2019-01-06 10:44:41 DEBUG HstsHeaderWriter:129 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@47453fa7
2019-01-06 10:44:41 DEBUG OpenEntityManagerInViewInterceptor:111 - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2019-01-06 10:44:41 DEBUG EntityManagerFactoryUtils:418 - Closing JPA EntityManager
2019-01-06 10:44:41 DEBUG DispatcherServlet:1130 - Completed 200 OK
2019-01-06 10:44:41 DEBUG ExceptionTranslationFilter:121 - Chain processed normally
2019-01-06 10:44:41 DEBUG SecurityContextPersistenceFilter:119 - SecurityContextHolder now cleared, as request processing completed
Чего мне не хватает? Заранее спасибо!