Can you please let me know why the following javascript code is not always hitting in the following simple index.html?
I am following https://spring.io/guides/tutorials/spring-boot-oauth2/ and the source code is at https://github.com/spring-guides/tut-spring-boot-oauth2/tree/main/click. But you don't need to understand the full code. I have one basic question.

Basically, whenever I load the page, the callback method in $.get("/user", function(data) { is not always hit.

What does $.get("/user") refer to? Doesn't it mean hitting the /user endpoint provided by the Spring Boot app? And the breakpoints in the Java (user endpoint) and JavaScript (callback) methods [the callback makes the authenticated class div visible and hides the unauthenticated one] are not always hit - they are only hit once the authentication is successful.

Question

Why are the breakpoints in Java and JavaScript not always hit? They are only hit when the app is successfully authenticated with GitHub. But I'm thinking it's something to do with the basics of jQuery, HTML and JavaScript rather than the OAuth2 flow here.

Can you please let me know the details? Do let me know if you have any questions in case the question is not clear.

    @GetMapping("/user")
    public Map<String, Object> user() {
        return Collections.singletonMap("name", "foo");
    }

    <body>
        <h1>Login</h1>
        <div class="container unauthenticated">
            With GitHub: <a href="/oauth2/authorization/github">click here</a>
        </div>
        <div class="container authenticated" style="display: none">
            Logged in as: <span id="user"></span>
        </div>
        <script type="text/javascript">
            $.get("/user", function(data) {
                $("#user").html(data.name);
                $(".unauthenticated").hide();
                $(".authenticated").show();
            });
        </script>
    </body>

Actually, I got it. It's always hitting the /user endpoint, but when it's not authenticated, in the network table I do see a 401 for the /user endpoint.

And it's because of the below configuration in the Controller - which should be enforcing oauth2Login (i.e., the filter chain must not be letting the request reach the controller).

And looking at the documentation a bit more closely also explained it - just copying the excerpt from the tutorial documentation.

You won't see anything about /user in this configuration, though. Everything, including /user remains secure unless indicated because of the .anyRequest().authenticated() configuration at the end.

Finally, since we are interfacing with the backend over Ajax, we'll want to configure endpoints to respond with a 401 instead of the default behavior of redirecting to a login page. Configuring the authenticationEntryPoint achieves this for us.

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .authorizeRequests(a -> a
                .antMatchers("/", "/error", "/webjars/**").permitAll()
                .anyRequest().authenticated()
            )
            .exceptionHandling(e -> e
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
            )
            .oauth2Login();
        // @formatter:on
    }
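
The success callback passed to $.get only runs for a successful response, so the 401 produced by HttpStatusEntryPoint never reaches it. The following is an added example, not code from the tutorial or from the post: a client that treats 401 from /user as the expected "not logged in" state and writes the name as text rather than markup. It assumes the /user endpoint and the element classes shown in the question; viewStateFor, loadUser and render are hypothetical names.

```javascript
// Added example (not the tutorial's code). Assumes GET /user and the
// .authenticated / .unauthenticated / #user elements from the question.

// Map the HTTP outcome of GET /user to a UI state. With
// HttpStatusEntryPoint(UNAUTHORIZED) an anonymous visitor gets a 401,
// which is a normal state here, not an error.
function viewStateFor(status, body) {
  if (status === 401) return { authenticated: false, name: null };
  if (status >= 200 && status < 300) {
    let data = null;
    try { data = JSON.parse(body); } catch (e) { /* handled below */ }
    if (data && typeof data.name === "string") {
      return { authenticated: true, name: data.name };
    }
    throw new Error("unexpected /user payload");
  }
  throw new Error("unexpected status " + status + " from /user");
}

// fetchImpl is injectable so the logic can be exercised outside a browser.
async function loadUser(fetchImpl) {
  const res = await fetchImpl("/user", { credentials: "same-origin" });
  return viewStateFor(res.status, await res.text());
}

// Toggle the two containers and show the user name.
function render(doc, state) {
  doc.querySelector(".unauthenticated").style.display =
    state.authenticated ? "none" : "";
  doc.querySelector(".authenticated").style.display =
    state.authenticated ? "" : "none";
  // textContent, not innerHTML: the name is remote data, never markup.
  doc.querySelector("#user").textContent = state.name || "";
}

// Only runs in a page; skipped when the file is loaded elsewhere.
if (typeof document !== "undefined") {
  loadUser(window.fetch.bind(window))
    .then((state) => render(document, state))
    .catch((err) => console.error(err));
}
```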