【发布时间】:2020-02-06 19:24:12
【问题描述】:
我的基本身份验证类是:
@Configuration
@EnableWebSecurity
public class BasicAuthConfiguration
extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http)
throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and().cors().and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(ImmutableList.of("*"));
configuration.setAllowedMethods(ImmutableList.of("HEAD",
"GET", "POST", "PUT", "DELETE", "PATCH"));
// setAllowCredentials(true) is important, otherwise:
// The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
configuration.setAllowCredentials(true);
// setAllowedHeaders is important! Without it, OPTIONS preflight request
// will fail with 403 Invalid CORS request
configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type", "X-XSS-Protection", "X-Content-Type-Options"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
我的测试休息控制器是:
@Api(value="BMT test", description="BMT test system")
@RestController
@RequestMapping("/bmt/api/v1")
public class TestRestController {
@CrossOrigin(origins="*", maxAge=3600)
@GetMapping("/test/get")
public String getTest() {
return "test";
}
@CrossOrigin(origins="*", maxAge=3600)
@PostMapping ("/test/post")
public String getTest2(String param) {
return "test";
}
}
在我有的角度网站上:
public logUser(userLogin: string, password: string): any {
const token = this.createBasicAuthToken('user', 'user')
const httpOptions = {
headers: new HttpHeaders({
'Authorization': token
})
};
return this.http.post(`http://localhost:8080/bmt/api/v1/test/post`,{},
httpOptions).subscribe(
data => console.log('success', data),
error => console.log('oops', error)
);
}
public createBasicAuthToken(userLogin: String, password: String): string {
return 'Basic ' + window.btoa(userLogin + ':' + password);
}
但是 IDK 为什么我可以通过邮递员去连接以获取方法,但我可以从同一个控制器获取方法。但是,如果我尝试连接以获取角度,我无论如何都做不到。我不知道。
我需要 spring boot / angular 5,6,7(我可以轻松更新)身份验证系统,但无论我尝试什么都失败了。有什么建议吗?
【问题讨论】:
标签: angular spring spring-security