[英]Spring Security and Angular js basic authentication not working
我正在嘗試用 AngularJS 和 Spring Security 構建一個簡單的應用程序,使用的是基本身份驗證(HTTP Basic)。每次打開主頁時,瀏覽器都會彈出要求輸入用戶名和密碼的基本身份驗證窗口。如果我取消該窗口,然後用正確的密碼登錄,應用程序運行正常;但如果我輸入了錯誤的密碼,同樣的基本身份驗證彈出窗口會再次出現。我在每個請求中都發送了 X-Requested-With 標頭,在請求標頭中也可以看到它。有人知道這里哪里出了問題嗎?
Angular:
'use strict';

// Application root module; 'ngRoute' is its only declared dependency.
var todoApp = angular.module('todoApp', ['ngRoute']);

/**
 * Module configuration: marks every $http request as an XHR and registers
 * the single '/' route, with every other path redirected to it.
 */
todoApp.config([
  '$routeProvider',
  '$httpProvider',
  function (routeProvider, httpProvider) {
    var commonHeaders = httpProvider.defaults.headers.common;
    var homeRoute = {
      templateUrl: 'resources/templates/Home.html',
      controller: 'HomeController'
    };

    // Added to the defaults shared by all $http calls. The header is only a
    // hint: whether the server leaves out its WWW-Authenticate challenge for
    // such requests is decided by the server configuration, not here.
    commonHeaders['X-Requested-With'] = 'XMLHttpRequest';

    routeProvider.when('/', homeRoute);
    routeProvider.otherwise({ redirectTo: '/' });
  }
]);
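'use strict';

/**
 * Navigation-bar controller: exposes login() and logout() on the scope and
 * mirrors the server's answer in $rootScope.authenticated.
 *
 * $rootScope.authenticated is display state only. Access control is whatever
 * the server enforces on each request; nothing here can grant access.
 *
 * Dependencies are listed in array form so injection survives minification,
 * matching the module's config block.
 */
todoApp.controller('NavBarController', [
  '$rootScope', '$scope', '$http', '$location', '$route',
  function ($rootScope, $scope, $http, $location, $route) {
    $scope.credentials = {};

    /**
     * Base64-encodes text as UTF-8 bytes. btoa() alone throws on characters
     * outside Latin-1, which would break login for such usernames/passwords.
     * NOTE(review): assumes the server decodes Basic credentials as UTF-8 - confirm.
     */
    function toBase64Utf8(text) {
      var byteString = encodeURIComponent(text).replace(/%([0-9A-F]{2})/g, function (match, hex) {
        return String.fromCharCode(parseInt(hex, 16));
      });
      return btoa(byteString);
    }

    /** True when the form holds a non-empty username worth submitting. */
    function hasUsername(credentials) {
      return Boolean(credentials) &&
        typeof credentials.username === 'string' &&
        credentials.username.length > 0;
    }

    /** Applies a login outcome to the view state and returns to the home route. */
    function applyLoginResult(authenticated) {
      console.log(authenticated ? "Login succeeded" : "Login failed");
      $location.path("/");
      $scope.error = !authenticated;
      $rootScope.authenticated = authenticated;
    }

    /**
     * Asks the server who the current user is.
     *
     * @param {Object} [credentials] - when given, sent as an HTTP Basic
     *   Authorization header; when omitted, the request relies on whatever
     *   session the browser already has.
     * @param {function(boolean)} [callback] - receives the resulting
     *   authenticated flag.
     *
     * Basic credentials are only base64-encoded, not encrypted, so this
     * request is readable by anyone on the path unless it travels over TLS.
     */
    var authenticate = function (credentials, callback) {
      var headers = credentials
        ? {
          // A missing password becomes an empty string rather than the
          // literal text "undefined".
          authorization: "Basic " +
            toBase64Utf8(credentials.username + ":" + (credentials.password || ''))
        }
        : {};

      // .then() works on every AngularJS 1.x release; .success()/.error()
      // were removed in 1.6.
      $http.get('user/authenticate', { headers: headers }).then(
        function (response) {
          var data = response.data;
          // Guard against an empty or null body before reading .name.
          $rootScope.authenticated = Boolean(data && data.name);
          if (callback) {
            callback($rootScope.authenticated);
          }
        },
        function () {
          $rootScope.authenticated = false;
          if (callback) {
            callback(false);
          }
        }
      );
    };

    $scope.login = function () {
      // Without a username there is nothing to verify: report failure
      // locally instead of sending a malformed Authorization header.
      if (!hasUsername($scope.credentials)) {
        applyLoginResult(false);
        return;
      }
      authenticate($scope.credentials, applyLoginResult);
    };

    $scope.logout = function () {
      // NOTE(review): if CSRF protection is enabled on the server, this POST
      // presumably needs the CSRF token - confirm against the server setup.
      $http.post('logout', {}).then(
        function () {
          $rootScope.authenticated = false;
          $location.path("/");
        },
        function () {
          console.log("Logout failed");
          // The UI flag is cleared even though the request failed, so the
          // server-side session may still be valid at this point.
          $rootScope.authenticated = false;
        }
      );
    };

    // Initial probe without credentials, to pick up an existing session.
    // If the server answers it with 401 plus a "WWW-Authenticate: Basic"
    // challenge, the browser shows its own credentials dialog before this
    // code sees the response; avoiding that requires a server-side change.
    authenticate();
  }
]);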
security configuration:
<!-- HTTP security rules. intercept-url entries are checked in order and the first match applies. -->
<sec:http use-expressions="true">
<!-- Only these three exact paths are open to anonymous requests. -->
<sec:intercept-url pattern="/" access="permitAll"/>
<sec:intercept-url pattern="/index.html" access="permitAll"/>
<sec:intercept-url pattern="/Home.html" access="permitAll"/>
<!-- Everything else requires ROLE_USER. NOTE(review): the client's templateUrl
     'resources/templates/Home.html' and its 'user/authenticate' probe are not
     matched by the rules above, so they fall under this catch-all. -->
<sec:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<!-- HTTP Basic: an unauthenticated request to a protected URL is answered with
     WWW-Authenticate: Basic realm="Spring Security Application", as seen in the
     response headers on this page. Sending a different response to XHR callers
     would need a custom entry point (entry-point-ref).
     NOTE(review): Basic credentials are base64-encoded only; confirm that the
     deployed application is served over TLS. -->
<sec:http-basic/>
</sec:http>
<!-- Authentication manager with a single provider backed by a JDBC user service. -->
<sec:authentication-manager>
<sec:authentication-provider>
<!-- Users are loaded through the bean referenced as 'dataSource'.
     NOTE(review): no password-encoder element is declared in this provider;
     confirm how the stored passwords are hashed. -->
<sec:jdbc-user-service data-source-ref="dataSource" id="userDetailsService"/>
</sec:authentication-provider>
</sec:authentication-manager>
Headers:
Content-Language:en
Content-Length:1160
Content-Type:text/html;charset=utf-8
Date:Fri, 12 Jun 2015 02:46:18 GMT
Server:Apache-Coyote/1.1
WWW-Authenticate:Basic realm="Spring Security Application"
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Cookie:JSESSIONID=A06CEC616C9A34B915EA298A890C5E80
Host:localhost:9999
Pragma:no-cache
Referer:http://localhost:9999/todoapp/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36
X-Requested-With:XMLHttpRequest
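服務器在響應中發送 WWW-Authenticate: Basic realm="Spring Security Application" 標頭,
會使瀏覽器顯示其內置的登錄對話框。
您需要讓初始資源(頁面、模板等靜態文件)無需基本身份驗證即可訪問。例如,問題中的模板路徑 resources/templates/Home.html 並不匹配設為 permitAll 的 /Home.html 規則,因此會落入要求 ROLE_USER 的 /** 規則。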