[英]Angular login request to Spring rest with security
我是Spring安全的新手。 我對Spring rest安全性感到困惑,但找不到任何完整的解決方案。 我有以下場景:
1)我創建了角度js服務,它對spring rest進行$ http調用。
2)我希望spring security攔截這個url(/ login)並相應地給我回復。
我嘗試了如果我直接訪問網址http:// localhost:8123 / SpringMVC / login然后它工作正常,它要求用戶名和密碼,輸入正確的用戶后,密碼我得到了結果但是我做的一樣來自AngularJs; 它給了我以下錯誤
angular.js:10514 OPTIONS http://localhost:8123/SpringMVC/rest/login/ (anonymous function) @ angular.js:10514sendReq @ angular.js:10333serverRequest @ angular.js:10045processQueue @ angular.js:14567(anonymous function) @ angular.js:14583$eval @ angular.js:15846$digest @ angular.js:15657$apply @ angular.js:15951bootstrapApply @ angular.js:1633invoke @ angular.js:4450doBootstrap @ angular.js:1631bootstrap @ angular.js:1651angularInit @ angular.js:1545(anonymous function) @ angular.js:28359trigger @ angular.js:2996eventHandler @ angular.js:3271
localhost/:1 XMLHttpRequest cannot load http://localhost:8111/SpringMVC/rest/categories/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8234' is therefore not allowed access. The response had HTTP status code 401.
請建議如何在fronend中正確配置標頭以及后端,角度和休息應用程序都在不同的服務器上運行。
這是在SecurityConfiguration.java中
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
.anyRequest().authenticated();
}
這就是我在入口點所做的事情:
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
//prevent default behaviour
if (request.getMethod().equals("OPTIONS")) {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
response.addHeader("Access-Control-Max-Age", "3600");
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
}
else
{
System.out.println("hello from server");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
}
嘗試添加 -
response.setHeader("Access-Control-Request-Headers", "X-Requested-With, Content-Type, Accept");
還要更新
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
至
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN, Authorization");`
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.