堆栈内存溢出
  简体   繁体   English

Angular 1.4,POST,Spring Security,CORS

[英]Angular 1.4, POST, Spring Security, CORS

 原文  2015-11-23 14:41:15       angularjs/ spring-mvc/ post/ spring-security/ cors

问题描述

In my former post, i was trying to send a JSON with a list from angular to spring mvc with POST method. 在我以前的文章中,我尝试使用POST方法发送一个包含从angular到spring mvc的列表的JSON。 And now it works fine !!! 现在工作正常! controller : 控制器: 

@RequestMapping(value="/create/", method=RequestMethod.POST)
@ResponseBody
public StatusResponse create(@RequestBody EventsDTO events) throws TechnicalException {
return new StatusResponse();
}

Angular : 角度: 

 var _queryPost = function(url, data, defData) {

        $http({
          headers: {'Content-Type': 'application/json',
                    'Accept': 'application/json'},
          method: 'POST',
          url: url,
          //params: data,
          data: data,
            withCredentials: true
        })
          .success(function (data, status, headers, config) {
            defData.$resolve(data);
            $log.info(data);
          })
          .error(function (data, status, headers, config) {
            defData.$reject(data);
          });

        return defData;
    };

But to succeed i had to comment Spring security... When i use spring security, i got Error 401 with POST request that becomes OPTIONS request. 但是要成功,我必须评论Spring安全性...当我使用Spring安全性时,POST请求的错误401变成了OPTIONS请求。 After reading a lot of docs and posts, i understood that : 1- a first OPTIONS request is done before sending the POST request (it's a check) 2- The error happens because 'Content-type' value is "application/json". 在阅读了许多文档和帖子之后,我了解到:1-在发送POST请求之前完成了第一个OPTIONS请求(这是一项检查)2-由于“ Content-type”值为“ application / json”,因此发生了错误。 The allowed Content-Type values are "application/x-www-form-urlencoded" and others that i have forgotten but not "application/json" 允许的Content-Type值是“ application / x-www-form-urlencoded”以及其他我已忘记但未忘记的“ application / json”值

The problem is that if i change the value of my Content-type in Angular i got error 415.... 问题是,如果我在Angular中更改Content-type的值,则会收到错误415。

I have tryed differents things i have found, like some adds in angular : 我尝试了一些不同的东西,比如在angular中添加了一些东西: 

$httpProvider.defaults.headers.common['X-XSRF-Token'] = $('meta[name=csrf-token]').attr('content')
$httpProvider.defaults.withCredentials = true;
$httpProvider.defaults.headers.common={'Accept' : 'application/json'};
$httpProvider.defaults.headers.post={'Content-Type' : 'application/json'};
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];

But i think it doesn't work with angular version > 1.2 (i use 1.4) This is my Spring security config in web.xml : 但是我认为它不适用于> 1.2的角版本(我使用1.4),这是web.xml中的Spring安全配置: 

<!-- CORS related filter -->
<filter>
    <filter-name>CORS</filter-name>
    <filter-class>
      org.eclipse.jetty.servlets.CrossOriginFilter
    </filter-class>

    <init-param>
        <param-name>allowedOrigins</param-name>
        <param-value>*</param-value>
    </init-param>
   <init-param>
        <param-name>allowedMethods</param-name>
        <param-value>GET,POST,DELETE,PUT,HEAD,OPTIONS</param-value>
    </init-param>
    <init-param>
        <param-name>allowedHeaders</param-name>
        <param-value>
           origin, content-type, accept, authorization, 
              x-requested-with, access-token, x-xsrf-token
        </param-value>
    </init-param>
    <init-param>
        <param-name>supportsCredentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


<!-- Spring Security Filters -->
<filter>
   <filter-name>springSecurityFilterChain</filter-name>
   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

So what can i do to pass my EventsDTO bean with spring security ? 那么,我该怎么办才能让我的EventsDTO bean具有春季安全性呢? Must i change Angular config or spring security config ? 我必须更改Angular配置或spring安全配置吗? and HOW ? 如何 ?

1 个解决方案

解决方案1
 0  2015-11-23 15:28:50

If you don't need to do anything specific for CORS OPTION prefligh request (I believe you don't), then just configure CrossOriginFilter to answer w/o passing it to main app. 如果您不需要为CORS OPTION预检请求做任何特定的事情(我相信您不需要),那么只需配置CrossOriginFilter即可回答不将其传递给主应用程序的问题。 As I understand it can be done through: 据我了解,可以通过以下方式完成: 

<init-param>
    <param-name>chainPreflight</param-name>
    <param-value>false</param-value>
</init-param>

or, if it doesn't work, make an empty Spring controller for OPTION requests. 或者,如果它不起作用,请为OPTION请求创建一个空的Spring控制器。

PS app shouldn't make any meaningful response for such OPTION request, it's a CORS preflight , so just respond with Access-Control-XXX headers. PS应用程序不应对此类OPTION请求做出任何有意义的响应,这是CORS的预检 ,因此仅使用Access-Control-XXX标头进行响应。 That's what CrossOriginFilter will do. 这就是CrossOriginFilter会做的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 不支持Spring安全性Angular Post - Spring security Angular Post not supported Spring-security的CORS问题 - CORS problems with Spring-security CORS发布AngularJS和Spring Security - CORS issue angularjs and spring security Spring Security CORS过滤器无法正常工作 - Spring Security CORS filter not working Angular、CORS 和 Spring 的问题 - Problems with Angular, CORS and Spring CORS angular js + restEasy on POST - CORS angular js + restEasy on POST Spring 4 Security + CORS + AngularJS - 奇怪的重定向 - Spring 4 Security + CORS + AngularJS - Weird redirect AngularJS $ Http CORS与Spring Rest&Security中的后端 - AngularJS $Http CORS with backend in Spring Rest & Security Spring Security REST和Angular - Spring Security REST and Angular 带角的弹簧安全 - Spring security with angular
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM