简体   繁体   English

没有授权头从Angular发送POST到Spring

[英]No Authorization Header sending POST from Angular to Spring

I have: 我有:

  • a backend server written with Spring Spring编写的后端服务器
  • and a client written in Angular 和一个用Angular编写的客户

I am trying to send a POST request... 我正在尝试发送POST请求...

import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Observable } from 'rxjs/Observable';
import 'rxjs/add/operator/map';

@Injectable()
export class AuthenticationService {
  constructor(private http: HttpClient) { }

  login(username: string, password: string) {

    const httpOptions = {
      headers: new HttpHeaders({
        'Content-Type' : 'application/x-www-form-urlencoded',
        'Accept' : 'application/json',
        'Authorization' : 'Basic blablabla_base64_encoded'
      })
    };

    const body = 'username=' + username + '&password=' + password + '&grant_type=password';

    console.log(body);
    console.log(httpOptions.headers);
    console.log(this.http.post<any>('http://localhost:8080/oauth/token', body, httpOptions));

    return this.http.post<any>('http://localhost:8080/oauth/token', body, httpOptions)
      .map(
      user => {
        // login successful if there's a jwt token in the response
        if (user && user.token) {
          // store user details and jwt token in local storage to keep user logged in between page refreshes
          localStorage.setItem('currentUser', JSON.stringify(user));
        }

        return user;
      });
  }

  logout() {
    // remove user from local storage to log user out
    localStorage.removeItem('currentUser');
  }
}

Filtering the request with Wireshark I got: 用Wireshark过滤请求,我得到:

OPTIONS /oauth/token HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:4200
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, 
like Gecko) Chrome/67.0.3396.79 Safari/537.36
DNT: 1
Access-Control-Request-Headers: authorization
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
WWW-Authenticate: Basic realm="oauth2/client"
Access-Control-Allow-Origin: http://localhost:4200
Vary: Origin
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: authorization
Access-Control-Allow-Credentials: true
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 0
Date: Sat, 09 Jun 2018 14:19:36 GMT

For some reason I have no Authorization header and my request from POST become OPTIONS. 由于某种原因,我没有Authorization标头,而我从POST发出的请求成为OPTIONS。 I searched for some hour other solutions over the web but none of them helped me. 我在网上搜索了几个小时的其他解决方案,但没有一个对我有帮助。

Some advice? 一些忠告?

Found the answer to this question. 找到了这个问题的答案。

The Spring server has to manage also pre-flighted requests according to the paradigm explained in the documentation here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests Spring服务器还必须根据此处文档中解释的范例来管理预处理的请求: https : //developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests

To add the CORS management is possible to add a CORSFilter before all other filters implemented in the Spring Boot App, with a good code example here: https://gist.github.com/malike/f8a98b498368932e6d7511886a167848 要添加CORS管理,可以在Spring Boot App中实现的所有其他过滤器之前添加CORSFilter,并在此处提供一个很好的代码示例: https ://gist.github.com/malike/f8a98b498368932e6d7511886a167848

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM