Spring Security処理クロスドメイン

1.手書きでフィールドをまたぐ処理Filter

public class CorsFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        String orignalHeader = StringUtils.defaultIfBlank(request.getHeader("Origin"), "*");
        //             
        response.setHeader("Access-Control-Max-Age", "3600");
        //              
        response.setHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers"));
        response.setHeader("Access-Control-Allow-Origin", orignalHeader);
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        if (OPTIONS.matches(request.getMethod())) {
            response.setStatus(SC_OK);
        } else {
            filterChain.doFilter(request, response);
        }
    }
}

2.spring-securityモジュールに追加するフィルタチェーンのヘッド位置

public class WebMvcConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(new CorsFilter (), WebAsyncManagerIntegrationFilter.class);
    }
}