【发布时间】:2021-01-29 01:07:56
【问题描述】:
我正在使用 Spring 和 Angular 构建应用程序,目前,我正在尝试使用 Spring 安全性和 (JWT) 来实现安全阶段
问题是当我从 Angular 发送 Authorization header 时,Spring 没有收到它!
即使我确定它已经在请求中(来自 chrome 开发工具)。
此外,当我从 ARC(来自 chrome 的高级 REST 客户端) 发送具有相同标头的相同请求时,spring 会收到它并返回数据!
在 Angular 方面,我当然使用HttpInterceptor 将令牌添加到请求中,如下所示:
export class HttpInterceptorService implements HttpInterceptor{
private _api = `${environment.api}/api`;
constructor(
private _authService: AuthenticationService
) { }
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>>{
if(req.url.startsWith(this._api)){
req = req.clone({
setHeaders: {
Authorization: `Bearer ${this._authService.getToken()}`
}
});
}
return next.handle(req);
}
}
这就是我在春天做的事情:
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
@Autowired
private JwtUserDetailsService jwtUserDetailsService;
@Autowired
private JwtTokenUtil jwtTokenUtil;
private List<String> excludedURLsPattern = Arrays.asList(new String[]{"/authenticate"});
@Override
protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
return excludedURLsPattern
.stream()
.anyMatch(urlPattern -> request.getRequestURL().toString().contains(urlPattern));
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
System.out.println("=== request URL: "+request.getRequestURL());
final String requestTokenHeader = request.getHeader("Authorization");
System.out.println("=== requestTokenHeader: "+requestTokenHeader);// in this line I always get null (when using Angular not ARC) !!
String username = null;
String jwtToken = null;
// JWT Token is in the form "Bearer token". Remove Bearer word and get
// only the Token
if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
jwtToken = requestTokenHeader.substring(7);
try {
username = jwtTokenUtil.getUsernameFromToken(jwtToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has expired");
}
} else {
logger.warn("JWT Token does not begin with Bearer String");
}
// Once we get the token validate it.
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.jwtUserDetailsService.loadUserByUsername(username);
// if token is valid configure Spring Security to manually set
// authentication
if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
// After setting the Authentication in the context, we specify
// that the current user is authenticated. So it passes the
// Spring Security Configurations successfully.
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
chain.doFilter(request, response);
}
}
这是我得到的信息:
2020-10-14 15:11:17.664 WARN 9856 --- [nio-5000-exec-1] c.s.c.security.config.JwtRequestFilter : JWT Token does not begin with Bearer String
【问题讨论】: