【发布时间】:2021-02-11 12:12:21
【问题描述】:
我使用SpringBoot和JWT生成认证token,浏览链接访问页面时没有报错,但是重新加载页面时出现401错误,以下是流程
过程正常:
GENERAL:
Request URL: http://localhost:8080/corridas/aposta?idUsuario=10&size=5&page=0&sort=id,desc
Referrer Policy: strict-origin-when-cross-origin
Response Headers:
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: application/json
Date: Thu, 29 Oct 2020 03:02:54 GMT
Expires: 0
Keep-Alive: timeout=60
Pragma: no-cache
Transfer-Encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Request Headers:
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c3VhcmlvNEB0ZXN0ZS5jb20uYnIiLCJjcmVhdGVkIjoxNjAzOTM3ODY2NTMyLCJleHAiOjE2MDQ1NDI2NjZ9.C-kbadiNZpcKrFgX7kiymJQfigmHe9ZKIGLlMYxYiZaLBbf0P-JY271hV0Tx2toV3I9ZemyGVwgaAp2tDQNF-A
Connection: keep-alive
Cookie: usuario=Fantasma; token=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c3VhcmlvNEB0ZXN0ZS5jb20uYnIiLCJjcmVhdGVkIjoxNjAzOTM3ODY2NTMyLCJleHAiOjE2MDQ1NDI2NjZ9.C-kbadiNZpcKrFgX7kiymJQfigmHe9ZKIGLlMYxYiZaLBbf0P-JY271hV0Tx2toV3I9ZemyGVwgaAp2tDQNF-A;
Host: localhost:8080
Referer: http://localhost:8080/corridas/torcida
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Mobile Safari/537.36
重新加载页面后处理 401
General:
Request URL: http://localhost:8080/corridas/aposta?idUsuario=10&size=5&page=0&sort=id,desc
Request Method: GET
Status Code: 401
Remote Address: [::1]:8080
Referrer Policy: strict-origin-when-cross-origin
Response Headers:
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Language: pt-BR
Content-Length: 301
Content-Type: text/html;charset=UTF-8
Date: Thu, 29 Oct 2020 03:03:54 GMT
Expires: 0
Keep-Alive: timeout=60
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Request Headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Cookie: usuario=Fantasma; token=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c3VhcmlvNEB0ZXN0ZS5jb20uYnIiLCJjcmVhdGVkIjoxNjAzOTM3ODY2NTMyLCJleHAiOjE2MDQ1NDI2NjZ9.C-kbadiNZpcKrFgX7kiymJQfigmHe9ZKIGLlMYxYiZaLBbf0P-JY271hV0Tx2toV3I9ZemyGVwgaAp2tDQNF-A;
Host: localhost:8080
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Mobile Safari/537.36
这里是角度拦截器
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
let authRequest: any;
if (this.shared.isLoggedIn()){
authRequest = req.clone({
setHeaders: {
'Authorization': this.shared.buscaChaveUsuario()
}
});
return next.handle(authRequest);
} else {
return next.handle(req);
}
}
当我通过网站链接访问页面时总是调用拦截器,当我重新加载页面时没有调用拦截器,我相信错误一定是在这一点上,可以在第一个看到过程我通过'Authorization'标头传递令牌,在第二个过程中,启动401错误,'Authorization'标头没有通过,因为没有调用拦截器,简而言之,有没有人有任何线索这个错误的原因是什么?
【问题讨论】:
-
在哪里以及如何在应用中添加绑定拦截器?
-
@Crocsx 你好,Crocsx,很抱歉响应延迟,但是来吧,拦截器正在 app.module 的提供者中使用,下面是它的调用方式。 . .
code providers: [SharedService, AuthGuard, { provide: HTTP_INTERCEPTORS, useClass: AuthInterceptor, multi: true },
标签: javascript java angular typescript spring-boot