Spring:通过 Angular 应用程序授权标头始终为空
[英]Spring: Authorization header is always null via Angular app
问题描述
I'm building an application with Spring and Angular and for now, I'm trying to implement the security phase using Spring security and (JWT)
我正在使用Spring和Angular构建一个应用程序,现在,我正在尝试使用Spring security 和 (JWT)来实现安全阶段
The problem is that when I send the Authorization header from Angular Spring does not receive it!问题是当我从Angular Spring 发送Authorization 标头时没有收到它!
even tho I'm sure it's already in the request (from chrome dev tools).即使我确定它已经在请求中(来自 chrome 开发工具)。
Also when I send the same request with the same header from ARC (Advanced REST Client from chrome) spring receives it and returns the data!同样,当我从ARC(来自 Chrome 的高级 REST 客户端)发送具有相同标头的相同请求时,spring 会收到它并返回数据!
On then Angular side I'm using the HttpInterceptor of course to add the token to requests like so:在 Angular 方面,我当然使用HttpInterceptor将令牌添加到请求中,如下所示:
export class HttpInterceptorService implements HttpInterceptor{
private _api = `${environment.api}/api`;
constructor(
private _authService: AuthenticationService
) { }
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>>{
if(req.url.startsWith(this._api)){
req = req.clone({
setHeaders: {
Authorization: `Bearer ${this._authService.getToken()}`
}
});
}
return next.handle(req);
}
}
And this is what I'm doing inside spring:这就是我在春季所做的事情:
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
@Autowired
private JwtUserDetailsService jwtUserDetailsService;
@Autowired
private JwtTokenUtil jwtTokenUtil;
private List<String> excludedURLsPattern = Arrays.asList(new String[]{"/authenticate"});
@Override
protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
return excludedURLsPattern
.stream()
.anyMatch(urlPattern -> request.getRequestURL().toString().contains(urlPattern));
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
System.out.println("=== request URL: "+request.getRequestURL());
final String requestTokenHeader = request.getHeader("Authorization");
System.out.println("=== requestTokenHeader: "+requestTokenHeader);// in this line I always get null (when using Angular not ARC) !!
String username = null;
String jwtToken = null;
// JWT Token is in the form "Bearer token". Remove Bearer word and get
// only the Token
if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
jwtToken = requestTokenHeader.substring(7);
try {
username = jwtTokenUtil.getUsernameFromToken(jwtToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has expired");
}
} else {
logger.warn("JWT Token does not begin with Bearer String");
}
// Once we get the token validate it.
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.jwtUserDetailsService.loadUserByUsername(username);
// if token is valid configure Spring Security to manually set
// authentication
if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
// After setting the Authentication in the context, we specify
// that the current user is authenticated. So it passes the
// Spring Security Configurations successfully.
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
chain.doFilter(request, response);
}
}
And this is the message I get:这是我得到的消息:
2020-10-14 15:11:17.664 WARN 9856 --- [nio-5000-exec-1] c.s.c.security.config.JwtRequestFilter : JWT Token does not begin with Bearer String
1 个解决方案
解决方案1
1 已采纳 2020-10-16 09:06:20
ok I will leave the solution here in case someone needed it.好的,我会把解决方案留在这里以防万一有人需要它。
as described in this blog and since I'm using Sring Security I must enable CORS at Spring security level如本博客中所述,并且由于我使用的是Sring Security,因此我必须在 Spring 安全级别启用CORS
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()...// this one right here
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.