Angular Spring 的登录请求请放心
Angular login request to Spring rest with security
我是 Spring 安全方面的新手。我对 Spring 休息安全感到困惑,但找不到任何完整的解决方案。我有以下场景:
1) 我已经创建了 angular js 服务,它对 spring rest 进行 $http 调用。
2) 我希望 spring 安全部门拦截此 url(/login) 并相应地回复我。
如果我直接访问 url,我尝试了什么 http://localhost:8123/SpringMVC/login 然后它工作正常,它要求输入用户名和密码,在输入正确的用户和密码后,我得到了结果,但同样的事情我正在做 AngularJs;它给了我以下错误
angular.js:10514 OPTIONS http://localhost:8123/SpringMVC/rest/login/ (anonymous function) @ angular.js:10514sendReq @ angular.js:10333serverRequest @ angular.js:10045processQueue @ angular.js:14567(anonymous function) @ angular.js:14583$eval @ angular.js:15846$digest @ angular.js:15657$apply @ angular.js:15951bootstrapApply @ angular.js:1633invoke @ angular.js:4450doBootstrap @ angular.js:1631bootstrap @ angular.js:1651angularInit @ angular.js:1545(anonymous function) @ angular.js:28359trigger @ angular.js:2996eventHandler @ angular.js:3271
localhost/:1 XMLHttpRequest cannot load http://localhost:8111/SpringMVC/rest/categories/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8234' is therefore not allowed access. The response had HTTP status code 401.
请建议如何在前端和后端正确配置 header angular 和其余应用程序 运行 在不同的服务器上。
这是在SecurityConfiguration.java
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
.anyRequest().authenticated();
}
这就是我在入口点所做的事情:
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
//prevent default behaviour
if (request.getMethod().equals("OPTIONS")) {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
response.addHeader("Access-Control-Max-Age", "3600");
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
}
else
{
System.out.println("hello from server");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
}
尝试添加-
response.setHeader("Access-Control-Request-Headers", "X-Requested-With, Content-Type, Accept");
同时更新
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
至
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN, Authorization");`
我是 Spring 安全方面的新手。我对 Spring 休息安全感到困惑,但找不到任何完整的解决方案。我有以下场景:
1) 我已经创建了 angular js 服务,它对 spring rest 进行 $http 调用。
2) 我希望 spring 安全部门拦截此 url(/login) 并相应地回复我。
如果我直接访问 url,我尝试了什么 http://localhost:8123/SpringMVC/login 然后它工作正常,它要求输入用户名和密码,在输入正确的用户和密码后,我得到了结果,但同样的事情我正在做 AngularJs;它给了我以下错误
angular.js:10514 OPTIONS http://localhost:8123/SpringMVC/rest/login/ (anonymous function) @ angular.js:10514sendReq @ angular.js:10333serverRequest @ angular.js:10045processQueue @ angular.js:14567(anonymous function) @ angular.js:14583$eval @ angular.js:15846$digest @ angular.js:15657$apply @ angular.js:15951bootstrapApply @ angular.js:1633invoke @ angular.js:4450doBootstrap @ angular.js:1631bootstrap @ angular.js:1651angularInit @ angular.js:1545(anonymous function) @ angular.js:28359trigger @ angular.js:2996eventHandler @ angular.js:3271
localhost/:1 XMLHttpRequest cannot load http://localhost:8111/SpringMVC/rest/categories/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8234' is therefore not allowed access. The response had HTTP status code 401.
请建议如何在前端和后端正确配置 header angular 和其余应用程序 运行 在不同的服务器上。
这是在SecurityConfiguration.java
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
.anyRequest().authenticated();
}
这就是我在入口点所做的事情:
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
//prevent default behaviour
if (request.getMethod().equals("OPTIONS")) {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
response.addHeader("Access-Control-Max-Age", "3600");
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
}
else
{
System.out.println("hello from server");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
}
尝试添加-
response.setHeader("Access-Control-Request-Headers", "X-Requested-With, Content-Type, Accept");
同时更新
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
至
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN, Authorization");`