Java cross domain issues

Time:06-01

I created a CRSF configuration class that solved the original cross-domain problem, but I created a new AdminController and the new AdminController had cross-domain problems. I created the same method in both the previous UserController and the new AdminController, but the new controller has cross-domain problems with cross-access while the old one does not.

This is the cross-domain configuration class

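import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfigFilter {

    // Cross-origin request handling
    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        // Allow all domains to make cross-origin calls
        config.addAllowedOrigin("*");
        // Allow all request headers
        config.addAllowedHeader("*");
        // Allow all methods
        config.addAllowedMethod("*");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}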

This is our new controller

@RestController
@RequestMapping("/users")
@Api(tags = "管理员")
public class AdminLoginController {

    @Resource
    private UserService userService;

    @ApiOperation(value = "修改密码")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "userId",value = "用户id",dataType = "Integer",dataTypeClass = Integer.class),
            @ApiImplicitParam(name = "password" ,value = "新密码",dataType = "String",dataTypeClass = String.class),
            @ApiImplicitParam(name = "oldPwd",value = "旧密码",dataType = "String",dataTypeClass = String.class)
    })
    @PostMapping("/update/password")
    public CommonResult updatePassword(@RequestBody UserVo userVo){
        // Check whether the old password exists
        // It does not exist
        if(!userService.findOldPwd(userVo)){
            return CommonResult.failed("旧密码错误");
        }
        // Change the old password
        int result = userService.updatePassword(userVo);
        return result > 0 ? CommonResult.success("修改密码成功") : CommonResult.failed("修改密码失败");
    }

    @GetMapping("/hello")
    public String hello(){
        return "lyj";
    }
}

This is the original controller

@RestController
@RequestMapping("/user")
@Api(tags = "用户接口")
public class UserController {
    @Resource
    private UserService userService;
    @Resource
    private VerifyCodeUtils verifyCodeUtils;
    @Resource
    private SecurityUtils securityUtils;

    @Value("${jwt.tokenHeader}")
    private String tokenHeader;
    @Value("${jwt.tokenHead}")
    private String tokenHead;


    @GetMapping("/hello")
    public String hello(){
        return "lyj";
    }
}

CodePudding user response:

I found that the cross-domain problem is caused by Spring Security permission interception. But when I use the Postman tool to test the data, it is normal, and there is a cross-domain problem when I access the front end. I don't know why.

CodePudding user response:

Actually, your "solution" doesn't fix the cross domain problem, it ignores it by permitting all cross domain requests.

I suggest you do some reading on cross domain attacks, as your solution is going to allow them.

Basically your approach is like saying "the police warned me about leaving my doors unlocked, so I removed my doors." You misunderstand that the warning is about your code permitting an attack; and the solution should not be to remove the warning, it should be to fix the cross domain requests.
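
A restrictive alternative to the wildcard configuration discussed above, as an added example that is not code from the original posts: it names one allowed origin and lets Spring Security apply the CORS rules ahead of its authentication filters, so browser preflight requests are answered before permission checks run. Assumptions: Spring Security 5.5 or later, the origin https://app.example.com, the Authorization header name, the class name RestrictedCorsConfig, and the catch-all authentication rule; this class replaces the wildcard CorsConfigFilter.

```java
import java.util.Arrays;
import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class RestrictedCorsConfig {

    // Assumption: the only front-end origin that should call this API.
    private static final String FRONTEND_ORIGIN = "https://app.example.com";

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Exact origins only: no "*" wildcard.
        config.setAllowedOrigins(Collections.singletonList(FRONTEND_ORIGIN));
        // Only the HTTP methods the controllers on this page expose.
        config.setAllowedMethods(Arrays.asList("GET", "POST"));
        // Assumption: JSON bodies plus a token carried in the Authorization header.
        config.setAllowedHeaders(Arrays.asList("Content-Type", "Authorization"));
        // Let browsers cache the preflight answer for one hour.
        config.setMaxAge(3600L);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // With no bean named "corsFilter", http.cors() uses the bean named
        // "corsConfigurationSource" and runs CORS handling before authentication,
        // so an OPTIONS preflight without credentials is not rejected.
        http.cors(Customizer.withDefaults());
        // Assumption: stand-in rule; use the project's own authorization rules here.
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
        return http.build();
    }
}
```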
