403禁止访问Spring Boot Web Socket调用

Question

403禁止访问Spring Boot Web Socket调用

springwebsocketspring-bootcorsspring-websocket

9

我正在使用Spring Boot 1.3.0.RELEASE。我的代码基于Spring Boot中使用Stomp和SocketJS的Websocket入门指南。

当我从localhost:8080（Spring服务器）运行客户端时...当然它可以工作。直到我尝试从不同的端口调用它时，我才收到403 Forbidden的错误。我的CorsFilter设置如下。

使用Spring Boot开始Web Sockets

我的客户端是....http://localhost:3000

我的Spring Boot服务器是...http://localhost:8080

我设置了CorsFilter以访问我的客户端...

CorsFilter

package hello;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component
public class CorsFilter implements Filter {

    private final Logger log = LoggerFactory.getLogger(CorsFilter.class);

    public CorsFilter() {
        log.info("SimpleCORSFilter init");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String clientOrigin = request.getHeader("origin");
        response.addHeader("Access-Control-Allow-Origin", clientOrigin);
        response.setHeader("Access-Control-Allow-Methods", "POST, GET,  DELETE, PUT");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers",
                "Origin, Accept, X-Requested-With, Content-Type, " +
                        "Access-Control-Request-Method, Access-Control-Request-Headers");

        if (request.getMethod().equals("OPTIONS")) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }

}

请求头

Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:3000
Referer:http://localhost:3000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36

响应头

Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:POST, GET,  DELETE, PUT
Access-Control-Allow-Origin:http://localhost:3000
Access-Control-Max-Age:3600
Cache-Control:no-store, no-cache, must-revalidate, max-age=0
Content-Length:0
Date:Wed, 02 Dec 2015 13:59:25 GMT
Server:Apache-Coyote/1.1

- numerical25

也许你缺少了

response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");

这一行代码？ - abinsalm

我会尝试一下。 - numerical25

不是，我更新了我添加的内容。 - numerical25

1

尝试在WebSocket配置类（AbstractWebSocketMessageBrokerConfigurer）的registerStompEndpoints方法中添加setAllowedOrigins("*")。例如：registry.addEndpoint("/chat").setAllowedOrigins("*").withSockJS(); - Bojan Trajkovski

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Mr. Spice · Accepted Answer

如果其他人遇到这个问题，可以参考以下答案。如评论中所建议的那样，您需要使用 setAllowedOrigins 方法，并按照文档中所述进行设置。因此，假设您正在遵循此教程，您将得到如下配置类：

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {

  @Override
  public void configureMessageBroker(MessageBrokerRegistry config) {
    config.enableSimpleBroker("/your/topic");
    config.setApplicationDestinationPrefixes("/yourapp");
  }

  @Override
  public void registerStompEndpoints(StompEndpointRegistry registry) {
    registry.addEndpoint("/your/endpoint").setAllowedOrigins("http://localhost:3000").withSockJS();
  }

}

这将允许在本地主机上运行的 stomp 客户端通过订阅 /your/endpoint 来进行连接。