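/**
 * Spring Security configuration for the token-authenticated API.
 *
 * <p>Places a CORS filter and a token-extracting filter in front of the standard
 * form-login filter, registers the provider that validates the extracted token, and
 * declares which requests require an authenticated principal.
 *
 * <p>CSRF protection is disabled. That is only acceptable while the credential is
 * carried in a request header by {@code TokenFilter} and never in a cookie; if a
 * cookie-based session is ever introduced, CSRF protection must be re-enabled.
 *
 * <p>NOTE(review): {@code http.cors()} relies on a {@code CorsConfigurationSource}
 * bean that is not part of this listing, while {@code YourCorsFilter} also writes
 * CORS headers itself — confirm the two sources agree on allowed origins.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class CorsSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Custom CORS filter; runs first in the security chain. */
    private final YourCorsFilter yourCorsFilter;

    /** Custom filter that extracts the token from the request. */
    private final TokenFilter tokenFilter;

    /** Custom provider that authenticates the extracted token. */
    private final TokenAuthenticationProvider tokenAuthenticationProvider;

    /**
     * Constructor injection keeps the collaborators {@code final}; Spring supplies
     * them from the application context.
     *
     * @param yourCorsFilter              filter emitting CORS response headers
     * @param tokenFilter                 filter extracting the token from the request
     * @param tokenAuthenticationProvider provider validating the extracted token
     */
    public CorsSecurityConfig(YourCorsFilter yourCorsFilter,
                              TokenFilter tokenFilter,
                              TokenAuthenticationProvider tokenAuthenticationProvider) {
        this.yourCorsFilter = yourCorsFilter;
        this.tokenFilter = tokenFilter;
        this.tokenAuthenticationProvider = tokenAuthenticationProvider;
    }

    /**
     * Requests that bypass the security filter chain entirely.
     *
     * <p>CORS pre-flight ({@code OPTIONS}) requests and the Swagger UI / API-docs
     * resources never reach the token filter. Everything listed here is served with
     * no authentication or authorization at all, so keep the list minimal and
     * consider removing the API-docs entries in production builds.
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring()
                .antMatchers(HttpMethod.OPTIONS, "/**")
                .antMatchers("/swagger-resources/**", "/swagger-ui/**", "/v2/api-docs/**")
                .antMatchers("/swagger-ui.html/**", "/swagger-ui.htm/**");
    }

    /**
     * Filter ordering and URL authorization rules.
     *
     * <p>Resulting chain order: {@code yourCorsFilter} → {@code tokenFilter} →
     * {@code UsernamePasswordAuthenticationFilter}. The CORS filter runs first so
     * that responses rejected by the token filter still carry CORS headers the
     * browser is allowed to read.
     *
     * <p>Authorization closes with {@code anyRequest().authenticated()}. The
     * previous per-method rules (GET/POST/PUT/DELETE/PATCH) left every other method
     * — notably {@code HEAD} and {@code TRACE} — unmatched, and an unmatched request
     * is treated as public by the security interceptor, i.e. served without any
     * authentication check.
     *
     * @throws Exception propagated from the {@link HttpSecurity} builder
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(yourCorsFilter, TokenFilter.class);

        http.cors()
            .and()
            // Header-based token auth is not CSRF-prone; see the class Javadoc for
            // the condition under which this must be turned back on.
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/my-service/**").authenticated()
                .antMatchers("/swagger-ui.html/**", "/swagger-ui.htm/**").permitAll()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                // Fail closed: anything not explicitly permitted above needs a principal.
                .anyRequest().authenticated();
    }

    /**
     * Registers the token provider as the only {@link AuthenticationProvider}.
     *
     * @throws Exception propagated from the {@link AuthenticationManagerBuilder}
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(tokenAuthenticationProvider);
    }
}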
/**
 * Custom provider registered with the {@code AuthenticationManagerBuilder} in
 * {@code CorsSecurityConfig}.
 *
 * <p>Only the declaration is present in this listing: the
 * {@code AuthenticationProvider} and {@code InitializingBean} methods are not shown,
 * so the token validation rules cannot be reviewed from here.
 */
public class
TokenAuthenticationProvider implements AuthenticationProvider, InitializingBean {
}
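/**
 * Servlet filter that emits CORS response headers for browser clients.
 *
 * <p>{@code Access-Control-Allow-Origin} is only ever set to an origin contained in
 * the configured allow-list, and only then together with
 * {@code Access-Control-Allow-Credentials: true}. The previous implementation
 * echoed whatever {@code Origin} the request carried, which — combined with
 * credentials — lets any site make credentialed cross-origin requests on behalf
 * of a logged-in user.
 *
 * <p>Pre-flight {@code OPTIONS} requests are answered {@code 200 OK} here and do
 * not continue down the chain, because browsers send no Authorization header on a
 * pre-flight and the token filter would otherwise reject it.
 *
 * <p>NOTE(review): as a {@code @Component} this filter is also auto-registered with
 * the servlet container when running under Spring Boot, in addition to being placed
 * in the Spring Security chain by {@code CorsSecurityConfig} — confirm whether
 * running it twice per request is intended.
 */
@Order(0)
@Component
public class YourCorsFilter extends GenericFilterBean {

    /**
     * Exact-match allow-list of origins ({@code scheme://host[:port]}).
     * Empty means no cross-origin access is granted.
     */
    private final java.util.Set<String> allowedOrigins;

    /**
     * Creates a filter that grants cross-origin access to no origin at all.
     *
     * <p>Fail-closed default used by component scanning; wire the deployment's
     * origins through {@link #YourCorsFilter(java.util.Set)} to enable cross-origin
     * calls. (The original declared {@code ApaasCorsFilter()}, which is not a legal
     * constructor for this class and did not compile.)
     */
    public YourCorsFilter() {
        this(java.util.Collections.<String>emptySet());
    }

    /**
     * Creates a filter that grants cross-origin access to the given origins only.
     *
     * @param allowedOrigins origins permitted to make credentialed requests; copied
     *                       so later changes to the caller's set have no effect
     */
    public YourCorsFilter(java.util.Set<String> allowedOrigins) {
        this.allowedOrigins = java.util.Collections.unmodifiableSet(
                new java.util.HashSet<>(allowedOrigins));
    }

    /**
     * Adds CORS headers for allow-listed origins, answers pre-flights, and otherwise
     * continues the chain.
     *
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // The response depends on the request's Origin; tell shared caches so they
        // never serve one origin's CORS headers to another.
        response.addHeader("Vary", "Origin");

        String origin = request.getHeader("Origin");
        if (origin != null && allowedOrigins.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS,PATCH");
            // NOTE(review): browsers do not honor "*" here once credentials are
            // allowed; list the concrete request headers the API accepts (such as
            // Authorization) instead.
            response.setHeader("Access-Control-Allow-Headers", "*");
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }

        // Pre-flight requests carry no Authorization header, so they are completed
        // here rather than passed on to the token filter.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
            return;
        }

        filterChain.doFilter(servletRequest, response);
    }
}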