堆栈内存溢出
  简体   繁体   English

Spring request.getHeader 未从角度请求中读取授权值

[英]Spring request.getHeader not reading Authorization value from angular request

 原文  2020-01-23 15:55:56       angular/ spring

问题描述

I'm currently working on a Spring+Angular project.我目前正在开发一个 Spring+Angular 项目。 When I'm trying to intercept a request and set its header with angular, Spring is not finding the Authorization header.当我试图拦截一个请求并使用角度设置其标头时,Spring 没有找到 Authorization 标头。

My JwtRequestFilter is looking like this:我的 JwtRequestFilter 看起来像这样:

@Component
public class JwtRequestFilter extends OncePerRequestFilter {

  private MyUserDetailsService userDetailsService;
  private JwtUtil jwtUtil;

  @Autowired
  public JwtRequestFilter(MyUserDetailsService userDetailsService,
      JwtUtil jwtUtil) {
    this.userDetailsService = userDetailsService;
    this.jwtUtil = jwtUtil;
  }

  @Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
      FilterChain filterChain) throws ServletException, IOException {
    final String authorizationHeader = request.getHeader("Authorization");
    /*Enumeration<String> headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
      System.out.println("Header  " + headerNames.nextElement());
    }*/
    Enumeration<String> blabla = request.getHeaderNames();
    while (blabla.hasMoreElements()) {
      String header = blabla.nextElement();
      System.out.println("Header  " + header);
      System.out.println("Value  " + request.getHeader(header));
    }
    String username = null;
    String jwt = null;
    if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
      jwt = authorizationHeader.substring(7);
      username = jwtUtil.extractUsername(jwt);
    }
    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
      UserDetails ud = this.userDetailsService.loadUserByUsername(username);
      if (jwtUtil.validateToken(jwt, ud)) {
        UsernamePasswordAuthenticationToken upat = new UsernamePasswordAuthenticationToken(ud,
            null,ud.getAuthorities());
        upat.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(upat);
      }
    }
    response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
    response.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS");
    response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Expose-Headers", "*");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    filterChain.doFilter(request, response);
  }
}

While the Angular HTTPInterceptor class:而 Angular HTTPInterceptor 类:

@Injectable()
export class TokenInterceptorService implements HttpInterceptor {

  constructor(private injector: Injector) { }

  intercept(req : HttpRequest<any>, next: HttpHandler) {
    let token = localStorage.getItem('jwt');
    const lo = /login/gi;
    const re = /register/gi;
  if (req.url.search(re) === -1 && req.url.search(lo) === -1) {
    let authService = this.injector.get(UserService);
    let update = {
      headers: req.headers.set('Authorization', `Bearer ${token}`)
    };
    req = req.clone(update)
    console.log(req)
  }
    return next.handle(req);
  }
}

I tried debugging it as well, but request.getHeader is always getting null value, but if I try Postman, it's working fine.我也尝试过调试它,但 request.getHeader 总是得到空值,但如果我尝试 Postman,它工作正常。 When I try printing out all the Headers with Spring, there is no header for Authorization, so I suspect it's an Angular side issue.当我尝试使用 Spring 打印所有标头时,没有用于授权的标头,因此我怀疑这是 Angular 方面的问题。

On Angular side: Console logs as the image shows the header should be getting the Authorization, Bearer.在 Angular 方面:控制台日志如图所示,标头应该获得授权、承载。 Network source网络来源

At the moment I'm at a loss what the problem could.目前我不知道这个问题可能是什么。

1 个解决方案

解决方案1
 0  2020-01-23 19:29:31

I'm currently working on a Spring+Angular project.我目前正在从事 Spring+Angular 项目。 When I'm trying to intercept a request and set its header with angular, Spring is not finding the Authorization header.当我尝试拦截请求并使用 angular 设置其标头时,Spring 找不到 Authorization 标头。

My JwtRequestFilter is looking like this:我的 JwtRequestFilter 看起来像这样:

@Component
public class JwtRequestFilter extends OncePerRequestFilter {

  private MyUserDetailsService userDetailsService;
  private JwtUtil jwtUtil;

  @Autowired
  public JwtRequestFilter(MyUserDetailsService userDetailsService,
      JwtUtil jwtUtil) {
    this.userDetailsService = userDetailsService;
    this.jwtUtil = jwtUtil;
  }

  @Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
      FilterChain filterChain) throws ServletException, IOException {
    final String authorizationHeader = request.getHeader("Authorization");
    /*Enumeration<String> headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
      System.out.println("Header  " + headerNames.nextElement());
    }*/
    Enumeration<String> blabla = request.getHeaderNames();
    while (blabla.hasMoreElements()) {
      String header = blabla.nextElement();
      System.out.println("Header  " + header);
      System.out.println("Value  " + request.getHeader(header));
    }
    String username = null;
    String jwt = null;
    if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
      jwt = authorizationHeader.substring(7);
      username = jwtUtil.extractUsername(jwt);
    }
    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
      UserDetails ud = this.userDetailsService.loadUserByUsername(username);
      if (jwtUtil.validateToken(jwt, ud)) {
        UsernamePasswordAuthenticationToken upat = new UsernamePasswordAuthenticationToken(ud,
            null,ud.getAuthorities());
        upat.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(upat);
      }
    }
    response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
    response.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS");
    response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Expose-Headers", "*");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    filterChain.doFilter(request, response);
  }
}

While the Angular HTTPInterceptor class:而 Angular HTTPInterceptor 类:

@Injectable()
export class TokenInterceptorService implements HttpInterceptor {

  constructor(private injector: Injector) { }

  intercept(req : HttpRequest<any>, next: HttpHandler) {
    let token = localStorage.getItem('jwt');
    const lo = /login/gi;
    const re = /register/gi;
  if (req.url.search(re) === -1 && req.url.search(lo) === -1) {
    let authService = this.injector.get(UserService);
    let update = {
      headers: req.headers.set('Authorization', `Bearer ${token}`)
    };
    req = req.clone(update)
    console.log(req)
  }
    return next.handle(req);
  }
}

I tried debugging it as well, but request.getHeader is always getting null value, but if I try Postman, it's working fine.我也试过调试它,但 request.getHeader 总是得到空值,但如果我尝试 Postman,它工作正常。 When I try printing out all the Headers with Spring, there is no header for Authorization, so I suspect it's an Angular side issue.当我尝试使用 Spring 打印出所有标题时,没有用于授权的标题,所以我怀疑这是一个 Angular 方面的问题。

On Angular side: Console logs as the image shows the header should be getting the Authorization, Bearer.在 Angular 方面:控制台日志,如图像所示,标题应该获得授权,承载。 Network source网络源

At the moment I'm at a loss what the problem could.目前我不知道问题可能是什么。

解决方案2
 -3  2022-01-28 18:16:49

先生,您能解释更多吗?

"

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从Angular 2 http get请求的PHP Backend中忽略授权标头 - Authorization Header is ignored in PHP Backend from Angular 2 http get request 从Angular到Spring Rest API的POST请求 - POST request from angular to spring rest api 从 Angular 客户端到 Spring 的 GET 请求 - GET request from Angular client to Spring Spring 请求参数未从 angular 获取数据 - Spring request param not getting data from angular 从 Angular 到 Spring 的多部分发布请求 - Multipart post request from Angular To Spring 请求中缺少授权标头(Angular4和Django) - Authorization header is missing in the request (Angular4 and Django) 获取请求时对angular2的基本授权-405 - angular2 basic authorization on get request - 405 Angular2通过标头请求中的授权 - Angular2 pass authorization inside header request 带有授权标头401的Angular 4 HTTP Get Request - Angular 4 HTTP Get Request with authorization header 401 Angular 6 Http请求失败,并带有授权标头 - Angular 6 Http request fails with authorization headers
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM