[英]Spring request.getHeader not reading Authorization value from angular request
I'm currently working on a Spring+Angular project.我目前正在开发一个 Spring+Angular 项目。 When I'm trying to intercept a request and set its header with angular, Spring is not finding the Authorization header.当我试图拦截一个请求并使用角度设置其标头时,Spring 没有找到 Authorization 标头。
My JwtRequestFilter is looking like this:我的 JwtRequestFilter 看起来像这样:
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
private MyUserDetailsService userDetailsService;
private JwtUtil jwtUtil;
@Autowired
public JwtRequestFilter(MyUserDetailsService userDetailsService,
JwtUtil jwtUtil) {
this.userDetailsService = userDetailsService;
this.jwtUtil = jwtUtil;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
final String authorizationHeader = request.getHeader("Authorization");
/*Enumeration<String> headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
System.out.println("Header " + headerNames.nextElement());
}*/
Enumeration<String> blabla = request.getHeaderNames();
while (blabla.hasMoreElements()) {
String header = blabla.nextElement();
System.out.println("Header " + header);
System.out.println("Value " + request.getHeader(header));
}
String username = null;
String jwt = null;
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
jwt = authorizationHeader.substring(7);
username = jwtUtil.extractUsername(jwt);
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails ud = this.userDetailsService.loadUserByUsername(username);
if (jwtUtil.validateToken(jwt, ud)) {
UsernamePasswordAuthenticationToken upat = new UsernamePasswordAuthenticationToken(ud,
null,ud.getAuthorities());
upat.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(upat);
}
}
response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
response.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Expose-Headers", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
filterChain.doFilter(request, response);
}
}
While the Angular HTTPInterceptor class:而 Angular HTTPInterceptor 类:
@Injectable()
export class TokenInterceptorService implements HttpInterceptor {
constructor(private injector: Injector) { }
intercept(req : HttpRequest<any>, next: HttpHandler) {
let token = localStorage.getItem('jwt');
const lo = /login/gi;
const re = /register/gi;
if (req.url.search(re) === -1 && req.url.search(lo) === -1) {
let authService = this.injector.get(UserService);
let update = {
headers: req.headers.set('Authorization', `Bearer ${token}`)
};
req = req.clone(update)
console.log(req)
}
return next.handle(req);
}
}
I tried debugging it as well, but request.getHeader is always getting null value, but if I try Postman, it's working fine.我也尝试过调试它,但 request.getHeader 总是得到空值,但如果我尝试 Postman,它工作正常。 When I try printing out all the Headers with Spring, there is no header for Authorization, so I suspect it's an Angular side issue.当我尝试使用 Spring 打印所有标头时,没有用于授权的标头,因此我怀疑这是 Angular 方面的问题。
On Angular side: Console logs as the image shows the header should be getting the Authorization, Bearer.在 Angular 方面:控制台日志如图所示,标头应该获得授权、承载。 Network source网络来源
At the moment I'm at a loss what the problem could.目前我不知道这个问题可能是什么。
I'm currently working on a Spring+Angular project.我目前正在从事 Spring+Angular 项目。 When I'm trying to intercept a request and set its header with angular, Spring is not finding the Authorization header.当我尝试拦截请求并使用 angular 设置其标头时,Spring 找不到 Authorization 标头。
My JwtRequestFilter is looking like this:我的 JwtRequestFilter 看起来像这样:
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
private MyUserDetailsService userDetailsService;
private JwtUtil jwtUtil;
@Autowired
public JwtRequestFilter(MyUserDetailsService userDetailsService,
JwtUtil jwtUtil) {
this.userDetailsService = userDetailsService;
this.jwtUtil = jwtUtil;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
final String authorizationHeader = request.getHeader("Authorization");
/*Enumeration<String> headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
System.out.println("Header " + headerNames.nextElement());
}*/
Enumeration<String> blabla = request.getHeaderNames();
while (blabla.hasMoreElements()) {
String header = blabla.nextElement();
System.out.println("Header " + header);
System.out.println("Value " + request.getHeader(header));
}
String username = null;
String jwt = null;
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
jwt = authorizationHeader.substring(7);
username = jwtUtil.extractUsername(jwt);
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails ud = this.userDetailsService.loadUserByUsername(username);
if (jwtUtil.validateToken(jwt, ud)) {
UsernamePasswordAuthenticationToken upat = new UsernamePasswordAuthenticationToken(ud,
null,ud.getAuthorities());
upat.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(upat);
}
}
response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
response.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Expose-Headers", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
filterChain.doFilter(request, response);
}
}
While the Angular HTTPInterceptor class:而 Angular HTTPInterceptor 类:
@Injectable()
export class TokenInterceptorService implements HttpInterceptor {
constructor(private injector: Injector) { }
intercept(req : HttpRequest<any>, next: HttpHandler) {
let token = localStorage.getItem('jwt');
const lo = /login/gi;
const re = /register/gi;
if (req.url.search(re) === -1 && req.url.search(lo) === -1) {
let authService = this.injector.get(UserService);
let update = {
headers: req.headers.set('Authorization', `Bearer ${token}`)
};
req = req.clone(update)
console.log(req)
}
return next.handle(req);
}
}
I tried debugging it as well, but request.getHeader is always getting null value, but if I try Postman, it's working fine.我也试过调试它,但 request.getHeader 总是得到空值,但如果我尝试 Postman,它工作正常。 When I try printing out all the Headers with Spring, there is no header for Authorization, so I suspect it's an Angular side issue.当我尝试使用 Spring 打印出所有标题时,没有用于授权的标题,所以我怀疑这是一个 Angular 方面的问题。
On Angular side: Console logs as the image shows the header should be getting the Authorization, Bearer.在 Angular 方面:控制台日志,如图像所示,标题应该获得授权,承载。 Network source网络源
At the moment I'm at a loss what the problem could.目前我不知道问题可能是什么。
先生,您能解释更多吗?
"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.