[英]Authorization Header is ignored in PHP Backend from Angular 2 http get request
[英]Spring request.getHeader not reading Authorization value from angular request
我目前正在開發一個 Spring+Angular 項目。 當我試圖攔截一個請求並使用角度設置其標頭時,Spring 沒有找到 Authorization 標頭。
我的 JwtRequestFilter 看起來像這樣:
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
private MyUserDetailsService userDetailsService;
private JwtUtil jwtUtil;
@Autowired
public JwtRequestFilter(MyUserDetailsService userDetailsService,
JwtUtil jwtUtil) {
this.userDetailsService = userDetailsService;
this.jwtUtil = jwtUtil;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
final String authorizationHeader = request.getHeader("Authorization");
/*Enumeration<String> headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
System.out.println("Header " + headerNames.nextElement());
}*/
Enumeration<String> blabla = request.getHeaderNames();
while (blabla.hasMoreElements()) {
String header = blabla.nextElement();
System.out.println("Header " + header);
System.out.println("Value " + request.getHeader(header));
}
String username = null;
String jwt = null;
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
jwt = authorizationHeader.substring(7);
username = jwtUtil.extractUsername(jwt);
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails ud = this.userDetailsService.loadUserByUsername(username);
if (jwtUtil.validateToken(jwt, ud)) {
UsernamePasswordAuthenticationToken upat = new UsernamePasswordAuthenticationToken(ud,
null,ud.getAuthorities());
upat.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(upat);
}
}
response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
response.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Expose-Headers", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
filterChain.doFilter(request, response);
}
}
而 Angular HTTPInterceptor 類:
@Injectable()
export class TokenInterceptorService implements HttpInterceptor {
constructor(private injector: Injector) { }
intercept(req : HttpRequest<any>, next: HttpHandler) {
let token = localStorage.getItem('jwt');
const lo = /login/gi;
const re = /register/gi;
if (req.url.search(re) === -1 && req.url.search(lo) === -1) {
let authService = this.injector.get(UserService);
let update = {
headers: req.headers.set('Authorization', `Bearer ${token}`)
};
req = req.clone(update)
console.log(req)
}
return next.handle(req);
}
}
我也嘗試過調試它,但 request.getHeader 總是得到空值,但如果我嘗試 Postman,它工作正常。 當我嘗試使用 Spring 打印所有標頭時,沒有用於授權的標頭,因此我懷疑這是 Angular 方面的問題。
在 Angular 方面:控制台日志如圖所示,標頭應該獲得授權、承載。 網絡來源
目前我不知道這個問題可能是什么。
我目前正在從事 Spring+Angular 項目。 當我嘗試攔截請求並使用 angular 設置其標頭時,Spring 找不到 Authorization 標頭。
我的 JwtRequestFilter 看起來像這樣:
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
private MyUserDetailsService userDetailsService;
private JwtUtil jwtUtil;
@Autowired
public JwtRequestFilter(MyUserDetailsService userDetailsService,
JwtUtil jwtUtil) {
this.userDetailsService = userDetailsService;
this.jwtUtil = jwtUtil;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
final String authorizationHeader = request.getHeader("Authorization");
/*Enumeration<String> headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
System.out.println("Header " + headerNames.nextElement());
}*/
Enumeration<String> blabla = request.getHeaderNames();
while (blabla.hasMoreElements()) {
String header = blabla.nextElement();
System.out.println("Header " + header);
System.out.println("Value " + request.getHeader(header));
}
String username = null;
String jwt = null;
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
jwt = authorizationHeader.substring(7);
username = jwtUtil.extractUsername(jwt);
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails ud = this.userDetailsService.loadUserByUsername(username);
if (jwtUtil.validateToken(jwt, ud)) {
UsernamePasswordAuthenticationToken upat = new UsernamePasswordAuthenticationToken(ud,
null,ud.getAuthorities());
upat.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(upat);
}
}
response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
response.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Expose-Headers", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
filterChain.doFilter(request, response);
}
}
而 Angular HTTPInterceptor 類:
@Injectable()
export class TokenInterceptorService implements HttpInterceptor {
constructor(private injector: Injector) { }
intercept(req : HttpRequest<any>, next: HttpHandler) {
let token = localStorage.getItem('jwt');
const lo = /login/gi;
const re = /register/gi;
if (req.url.search(re) === -1 && req.url.search(lo) === -1) {
let authService = this.injector.get(UserService);
let update = {
headers: req.headers.set('Authorization', `Bearer ${token}`)
};
req = req.clone(update)
console.log(req)
}
return next.handle(req);
}
}
我也試過調試它,但 request.getHeader 總是得到空值,但如果我嘗試 Postman,它工作正常。 當我嘗試使用 Spring 打印出所有標題時,沒有用於授權的標題,所以我懷疑這是一個 Angular 方面的問題。
在 Angular 方面:控制台日志,如圖像所示,標題應該獲得授權,承載。 網絡源
目前我不知道問題可能是什么。
先生,您能解釋更多嗎?
"
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.