【发布时间】:2019-03-02 13:31:07
【问题描述】:
大家好,我正在 (spring/angular) 应用程序中工作,当我发送 GET 请求进行身份验证时,我收到此错误: 我将 angular 5 用于前端,将 spring boot 2/mysql 用于后端
这是我的 spring 安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private Environment env;
@Autowired
private UserSecurityService userSecurityService;
private BCryptPasswordEncoder passwordEncoder() {
return SecurityUtility.passwordEncoder();
}
private static final String[] PUBLIC_MATCHERS= {
"/css/**",
"/js/**",
"/image/**",
"/book/**",
"/user/**",
};
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.cors().disable().
httpBasic().and().
authorizeRequests().antMatchers(PUBLIC_MATCHERS).permitAll().anyRequest().authenticated();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
}
}
这是我的过滤器:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RequestFilter implements Filter{
public void doFilter(ServletRequest req ,ServletResponse res,FilterChain chain) {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
response.setHeader("Access-Control-Allow-Origin","*");
response.setHeader("Access-Control-Allow-Methodes","POST,PUT,GET,OPTIONS,DELETE");
response.setHeader("Access-Control-Allow-Headers","x-requested-with,x-auth-token");
response.setHeader("Access-Control-Allow-Max-Age","3600");
response.setHeader("Access-Control-Allow-Credentials","true");
if(!request.getMethod().equalsIgnoreCase("OPTIONS")){
try {
chain.doFilter(req, res);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
else {
System.out.println("preflight");
response.setHeader("Access-Control-Allow-Methodes","POST,GET,DELETE");
response.setHeader("Access-Control-Allow-Max-Age","3600");
response.setHeader("Access-Control-Allow-Headers","authorization,content-type,x-auth-token,access-control-request-headers,access-control-request-method,accept,origin,x-requested-with");
response.setStatus(HttpServletResponse.SC_OK);
}
}
public void init(FilterConfig filterConfig) {
}
public void destroy() {
}
}
这是我的控制器:
@RequestMapping("/token")
public Map<String, String> token(HttpSession session,HttpServletRequest request){
String remoteHost=request.getRemoteHost();
int portNumber=request.getRemotePort();
System.out.println(remoteHost +":"+portNumber);
System.out.println(request.getRemoteAddr());
return Collections.singletonMap("token",session.getId());
}
这是我的 Angular 5 服务:
@Injectable()
export class LoginService {
constructor(private http: HttpClient) {
}
sendCredential(username: string, password: string) {
let url = "http://localhost:8080/token";
let encodedCredentials = btoa(username + ':' + password);
let basicHeader = "Basic " + encodedCredentials;
let headers=new HttpHeaders({
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': basicHeader
});
return this.http.get(url,{headers:headers});
}
}
【问题讨论】:
-
401表示未经授权的请求,对于请求http://localhost:8080/token也是后端期望jwt令牌的人,这是后端的错误
标签: spring angular rest spring-boot