
Keycloak angular app file uploading not sending token

This is my Angular configuration for appending the Keycloak token to every HTTP request.

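module.factory('authInterceptor', function($q, Auth) {
    return {
        request: function (config) {
            var deferred = $q.defer();
            if (Auth.authz.token) {
                // Refresh the token if it expires within 5 seconds, then attach it
                Auth.authz.updateToken(5).success(function() {
                    config.headers = config.headers || {};
                    config.headers.Authorization = 'Bearer ' + Auth.authz.token;
                    deferred.resolve(config);
                }).error(function() {
                    deferred.reject('Failed to refresh token');
                });
            } else {
                // No token available: pass the request through unchanged so the
                // promise always settles instead of hanging
                deferred.resolve(config);
            }
            return deferred.promise;
        }
    };
});
// Register the interceptor so it runs for every $http request
module.config(["$httpProvider", function ($httpProvider) {
    $httpProvider.interceptors.push('authInterceptor');
}]);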

This is the request I am sending to the backend. It seems the request is not adding the Keycloak token, so I'm getting a 403 Forbidden error.

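// FormData() takes an optional <form> element, not a File; append the file instead
var formData = new FormData();
formData.append('file', file);
return $http({
  method: 'POST',
  url: API_BASE + '/uploadEmployeeDetails/excelUpload',
  headers: {
    // Left undefined so the browser sets multipart/form-data with its boundary
    'Content-Type': undefined
  },
  data: formData,
  // Send the FormData as-is instead of letting AngularJS serialize it to JSON
  transformRequest: function(data, headersGetterFunction) {
    return data;
  }
});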

Backend security config

You are able to send the token to the back-end, as you can see from the network tab of the browser.

The issue is on the API side, in handling the CSRF token.

If the CSRF token is enabled by default, you should disable it.

Here is the code, with your help, to disable it:

http.csrf().disable();
http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
    .authorizeRequests().antMatchers("/**")
    .hasAnyRole("ORG_ADMIN", "EMPLOYEE", "PARENT", "STUDENT")
    .anyRequest().permitAll();
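
An added example, not code from the original answer: disabling CSRF as the answer does is sound when the API authenticates only through the `Authorization: Bearer` header and keeps no session cookie, and this configuration makes that condition explicit. It assumes Spring Security 5.x (the `WebSecurityConfigurerAdapter` style the answer's snippet implies) and that bearer-token validation is configured elsewhere; the class name `ApiSecurityConfig` is hypothetical, and the answer's own `CORSFilter` registration is omitted.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Hypothetical class name; roles are the ones listed in the answer above.
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection guards credentials the browser attaches on its
            // own (session cookies). Assumption: this API accepts only the
            // "Authorization: Bearer" header set by the Angular interceptor,
            // which a cross-site form or image request cannot add.
            .csrf().disable()
            // Never create or use an HTTP session, so no JSESSIONID cookie
            // can become a second, CSRF-exposed way to authenticate.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                // Every path, including the multipart upload endpoint,
                // requires one of the application roles.
                .antMatchers("/**")
                    .hasAnyRole("ORG_ADMIN", "EMPLOYEE", "PARENT", "STUDENT")
                // "/**" already matches everything; deny anything that
                // could fall through rather than permitting it.
                .anyRequest().denyAll();
    }
}
```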
