Spring CorsFilter似乎仍然没有在预检请求上收到401

嗨，我刚开始尝试弹出安全性，并试图找出如何配置auth服务器来发出令牌。 我现在遇到的问题是我在Cors预检请求上收到了401或403，并且不确定如何解决以下是基于少数教程的裸机实现

https://spring.io/blog/2015/06/08/cors-support-in-spring-framework http://www.baeldung.com/spring-security-oauth-jwt

@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity @PropertySource(value = "classpath:oauth.properties") public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserRepository userRepository; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider()); } @Override public void configure(WebSecurity web) throws Exception { super.configure(web); } @Autowired ObjectMapper mapper; @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.authorizeRequests().antMatchers(HttpMethod.OPTIONS,"/oauth/token").permitAll() .anyRequest().authenticated(); } @Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Override protected void configure(final AuthenticationManagerBuilder auth) throws Exception{ auth.inMemoryAuthentication(). withUser("john").password("123").roles("USER"). and(). withUser("tom").password("111").roles("ADMIN"); } @Bean public FilterRegistrationBean corsFilter() { FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter2()); bean.setOrder(0); return bean; } } @Configuration @EnableAuthorizationServer public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter{ @Autowired private Environment env; @Autowired @Qualifier("authenticationManagerBean") private AuthenticationManager authenticationManager; @Override public void configure(AuthorizationServerSecurityConfigurer oauthServer){ oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()"); } @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception{ clients.inMemory().withClient("acme").secret("acmesecret").authorizedGrantTypes("authorization_code", "refresh_token", "password").scopes("openId"); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints){ final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain(); tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(),accessTokenConverter())); endpoints.tokenStore(tokenStore()) .tokenEnhancer(tokenEnhancerChain) .authenticationManager(authenticationManager); } @Bean public JwtAccessTokenConverter accessTokenConverter(){ final JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); return converter; } @Bean public TokenStore tokenStore(){ return new JwtTokenStore(accessTokenConverter()); } @Bean public FilterRegistrationBean corsFilter() { FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter2()); bean.setOrder(0); return bean; } @Bean @Primary public DefaultTokenServices tokenServices() { DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); defaultTokenServices.setTokenStore(tokenStore()); defaultTokenServices.setSupportRefreshToken(true); return defaultTokenServices; } } 

CorsFilter2是在春季4.2中引入的spring corsfilter我正在使用它来插入适当的响应头以发送回客户端。

  web.ignoring().requestMatchers(CorsUtils::isPreFlightRequest); 

• java计时器更改延迟按钮
• Java图形检验模拟;

• Spring Global CORS配置不起作用，但控制器级配置不起作用
• 在ContainerResponseFilter中获得响应（JAX-RS 2）
• IE11 CORS拒绝https上的OPTIONS
• 在Spring 5 Webflux中启用CORS？
• 如何将Cross Origin资源共享与Spring MVC 4.0.0 RESTful Webservice集成
• Spring Security的跨源资源共享
• Access-Control-Allow-Origin在ajax调用泽西restWeb服务中
• 请求的资源上不存在Access-Control-Allow-Origin标头
• 预检的响应具有无效的HTTP状态代码401 – Spring