通过 Javascript 发送 Authorization Token Bearer

【问题标题】:Sending Authorization Token Bearer through Javascript通过 Javascript 发送 Authorization Token Bearer
【发布时间】:2019-01-01 13:06:01
【问题描述】:

我正在尝试通过 Javascript 将授权令牌持有者发送到 REST 端点,所以我这样做:

$.ajax( {
    url: 'http://localhost:8080/resourceserver/protected-no-scope',
    type: 'GET',
    beforeSend : function( xhr ) {
        xhr.setRequestHeader( "Authorization", "Bearer " + token );
    },
    success: function( response ) {
        console.log(response);
    }

我的端点在 SpringBoot 容器下运行,所以我正在获取 HttpServletRequest 并尝试获取 AUthorization Header 但始终为空:

static Authentication getAuthentication(HttpServletRequest request) {
        String token = request.getHeader(HEADER_STRING);
        //token is always null
...

编辑 1 这是客户端(浏览器)中的错误

OPTIONS http://localhost:8080/resourceserver/protected-no-scope 403 ()
Failed to load http://localhost:8080/resourceserver/protected-no-scope: Response for preflight has invalid HTTP status code 403.

编辑 2 为了在后端启用 CORS,我在 spring 中使用了以下注释:

@RestController
@CrossOrigin(origins = "*", maxAge = 3600, allowCredentials = "true", allowedHeaders = "Authorization", methods =
        {RequestMethod.GET, RequestMethod.OPTIONS, RequestMethod.POST})
public class MyResource {

编辑 3 我尝试在我的过滤器中添加 CORS,但没有成功:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {

        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin"));
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");


        Authentication authentication = TokenAuthenticationService
                .getAuthentication(httpServletRequest);

        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(request, response);
    }

【问题讨论】:

  • Add Header in AJAX Request with jQuery的可能重复
  • 您是否收到任何 CORS 错误?
  • 是的,但我已经在 spring-boot 中使用它解决了它:@CrossOrigin(origins = "*", maxAge = 3600, allowCredentials = "true", allowedHeaders = "Authorization", methods = { RequestMethod.GET, RequestMethod.OPTIONS, RequestMethod.POST})
  • @Paul 我尝试了这篇文章中的解决方案,但没有奏效。
  • HTTP 状态 403 被禁止;听起来您可能需要在服务器端使用其他东西。

标签: javascript jquery jwt


【解决方案1】:

您可以使用headers 键添加标题

$.ajax({
   url: 'http://localhost:8080/resourceserver/protected-no-scope',
   type: 'GET',
   contentType: 'application/json'
   headers: {
      'Authorization': 'Bearer <token>'
   },
   success: function (result) {
       // CallBack(result);
   },
   error: function (error) {

   }
});

您需要在后端启用 CORS

https://stackoverflow.com/a/32320294/5567387

【讨论】:

  • 我尝试过,但在我的 java 端点中继续返回 null。我知道问题不在 java 服务器中,因为如果我使用邮递员并使用授权承载令牌发送请求,一切正常。
  • 你也可以复制POSTMAN生成的代码试试getpostman.com/docs/v6/postman/sending_api_requests/…
  • 我在客户端(浏览器)中编辑帖子时出错
  • 这意味着存在 CORS 问题。在服务器端修复
  • 对于评论“您也可以复制 POSTMAN 生成的代码并尝试一下”,资源已移动到另一个位置:learning.postman.com/docs/postman/sending-api-requests/…
猜你喜欢
  • 2021-04-28
  • 2019-12-31
  • 2019-01-05
  • 2020-08-15
  • 2016-12-18
  • 1970-01-01
  • 1970-01-01
  • 2015-12-25
  • 2019-04-29
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode