Getting 401 to access http://localhost:8080/oauth/token
I am hitting an endpoint from my AngularJS client app to log in. When I do that, I get the following error in the browser console:

    OPTIONS http://localhost:8080/oauth/token
    XMLHttpRequest cannot load http://localhost:8080/oauth/token. Invalid HTTP status code 401

This is the server-side code to accept CORS from the client:

    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.stereotype.Component;

    @Component
    public class SimpleCORSFilter implements Filter {

        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) res;
            // CORS headers are set on every response, then the request is always passed on
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
            chain.doFilter(req, res);
        }

        public void init(FilterConfig filterConfig) {}

        public void destroy() {}
    }

This is the client-side code which calls http://localhost:8080/oauth/token:

    angular.module('frontendApp')
        .factory('AuthServerProvider', function loginService($http, localStorageService, Base64, API_SERVER) {
            return {
                login: function (credentials) {
                    var data = "username=" + credentials.username + "&password=" + credentials.password +
                        "&grant_type=password&scope=read%20write&" +
                        "client_secret=123456&client_id=clientapp";
                    return $http.post(API_SERVER + 'oauth/token', data, {
                        headers: {
                            "Content-Type": "application/x-www-form-urlencoded",
                            "Accept": "application/json",
                            "Access-Control-Allow-Origin": "*",
                            "Authorization": "Basic " + Base64.encode("clientapp" + ':' + "123456")
                        }
                    }).success(function (response) {
                        var expiredAt = new Date();
                        expiredAt.setSeconds(expiredAt.getSeconds() + response.expires_in);
                        response.expires_at = expiredAt.getTime();
                        localStorageService.set('token', response);
                        return response;
                    });
                },
                logout: function () {
                    // logout from the server
                    $http.post('api/logout').then(function () {
                        localStorageService.clearAll();
                    });
                },
                getToken: function () {
                    return localStorageService.get('token');
                },
                hasValidToken: function () {
                    var token = this.getToken();
                    return token && token.expires_at && token.expires_at > new Date().getTime();
                }
            };
        });

In case of an OPTIONS request, you should not do further processing, i.e. skip the call to chain.doFilter(req, res), e.g.:

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        response.addHeader("Access-Control-Allow-Origin", "*");
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            // Preflight: answer it here and do not pass it down the chain
            response.setHeader("Access-Control-Allow-Methods", "POST,GET,DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "content-type,access-control-request-headers,access-control-request-method,accept,origin,authorization,x-requested-with");
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, resp);
        }
    }