[英]Angular 1.4, POST, Spring Security, CORS
In my former post, i was trying to send a JSON with a list from angular to spring mvc with POST method. 在我以前的文章中,我尝试使用POST方法发送一个包含从angular到spring mvc的列表的JSON。 And now it works fine !!! 现在工作正常! controller : 控制器:
@RequestMapping(value="/create/", method=RequestMethod.POST)
@ResponseBody
public StatusResponse create(@RequestBody EventsDTO events) throws TechnicalException {
return new StatusResponse();
}
Angular : 角度:
var _queryPost = function(url, data, defData) {
$http({
headers: {'Content-Type': 'application/json',
'Accept': 'application/json'},
method: 'POST',
url: url,
//params: data,
data: data,
withCredentials: true
})
.success(function (data, status, headers, config) {
defData.$resolve(data);
$log.info(data);
})
.error(function (data, status, headers, config) {
defData.$reject(data);
});
return defData;
};
But to succeed i had to comment Spring security... When i use spring security, i got Error 401 with POST request that becomes OPTIONS request. 但是要成功,我必须评论Spring安全性...当我使用Spring安全性时,POST请求的错误401变成了OPTIONS请求。 After reading a lot of docs and posts, i understood that : 1- a first OPTIONS request is done before sending the POST request (it's a check) 2- The error happens because 'Content-type' value is "application/json". 在阅读了许多文档和帖子之后,我了解到:1-在发送POST请求之前完成了第一个OPTIONS请求(这是一项检查)2-由于“ Content-type”值为“ application / json”,因此发生了错误。 The allowed Content-Type values are "application/x-www-form-urlencoded" and others that i have forgotten but not "application/json" 允许的Content-Type值是“ application / x-www-form-urlencoded”以及其他我已忘记但未忘记的“ application / json”值
The problem is that if i change the value of my Content-type in Angular i got error 415.... 问题是,如果我在Angular中更改Content-type的值,则会收到错误415。
I have tryed differents things i have found, like some adds in angular : 我尝试了一些不同的东西,比如在angular中添加了一些东西:
$httpProvider.defaults.headers.common['X-XSRF-Token'] = $('meta[name=csrf-token]').attr('content')
$httpProvider.defaults.withCredentials = true;
$httpProvider.defaults.headers.common={'Accept' : 'application/json'};
$httpProvider.defaults.headers.post={'Content-Type' : 'application/json'};
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
But i think it doesn't work with angular version > 1.2 (i use 1.4) This is my Spring security config in web.xml : 但是我认为它不适用于> 1.2的角版本(我使用1.4),这是web.xml中的Spring安全配置:
<!-- CORS related filter -->
<filter>
<filter-name>CORS</filter-name>
<filter-class>
org.eclipse.jetty.servlets.CrossOriginFilter
</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>allowedMethods</param-name>
<param-value>GET,POST,DELETE,PUT,HEAD,OPTIONS</param-value>
</init-param>
<init-param>
<param-name>allowedHeaders</param-name>
<param-value>
origin, content-type, accept, authorization,
x-requested-with, access-token, x-xsrf-token
</param-value>
</init-param>
<init-param>
<param-name>supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security Filters -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
So what can i do to pass my EventsDTO bean with spring security ? 那么,我该怎么办才能让我的EventsDTO bean具有春季安全性呢? Must i change Angular config or spring security config ? 我必须更改Angular配置或spring安全配置吗? and HOW ? 如何 ?
If you don't need to do anything specific for CORS OPTION prefligh request (I believe you don't), then just configure CrossOriginFilter
to answer w/o passing it to main app. 如果您不需要为CORS OPTION预检请求做任何特定的事情(我相信您不需要),那么只需配置CrossOriginFilter
即可回答不将其传递给主应用程序的问题。 As I understand it can be done through: 据我了解,可以通过以下方式完成:
<init-param>
<param-name>chainPreflight</param-name>
<param-value>false</param-value>
</init-param>
or, if it doesn't work, make an empty Spring controller for OPTION requests. 或者,如果它不起作用,请为OPTION请求创建一个空的Spring控制器。
PS app shouldn't make any meaningful response for such OPTION request, it's a CORS preflight , so just respond with Access-Control-XXX
headers. PS应用程序不应对此类OPTION请求做出任何有意义的响应,这是CORS的预检 ,因此仅使用Access-Control-XXX
标头进行响应。 That's what CrossOriginFilter
will do. 这就是CrossOriginFilter
会做的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.