【发布时间】:2020-06-25 10:14:32
【问题描述】:
我遇到了一个非常奇怪的问题,我想在我的请求中向服务 spring boot 发送一个额外的参数 Authorization ,就像这样
Request headers
Authorization: bearer t-3e57cc74-3e7a-4fc7-9bbb-f6c83252db01
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=908D73C50F09E75C9A0D674C4CB33D2F; ROUTEID=.1; __unam=3c3246b-13bc693352d-aa1535c-1
但使用此代码 在 AppComponent 中
import { Component } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
@Component({
selector: 'app-root',
templateUrl: './app.component.html',
styleUrls: [ './app.component.css' ]
})
export class AppComponent {
constructor(private http: HttpClient) {}
checkfingeradmin() {
const headers = new HttpHeaders({
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': ' http://localhost:4200',
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Allow-Methods': ' POST, GET, OPTIONS, DELETE',
'Access-Control-Max-Age': ' 3600',
'Access-Control-Allow-Headers': 'Content-Type, Accept, X-Requested-With, remember-me',
'Authorization':
'Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYXRlbTEyMyIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfRU1Q'
});
this.http
.get<any>(
'http://localhost:8080/api/v1/pointage/ExitAdmin',
{ headers: headers }
}
)
.subscribe((data) => {
console.log(data);
});
}
}
和在Controller Spring启动中
@RestController
@CrossOrigin(origins = "*",maxAge = 3600)
@RequestMapping(value="/api/v1/pointage")
public class PointageController { @GetMapping ("/EnterAdmin")
public ResponseEntity EnterAdmin(){
return ResponseEntity.ok("for testing");}}
我使用这个 class jwtTokenFilter 只是为了在控制台中获取消息以检查我的服务器 Spring 启动中的结果
public class JwtTokenFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) httpServletRequest;
HttpServletResponse response = (HttpServletResponse) httpServletResponse;
String bearerToken = req.getHeader("Authorization");
Enumeration<String> e = req.getHeaderNames();
while(e.hasMoreElements()){
String param = (String) e.nextElement();
System.out.print(param + " : " + req.getHeader(param));
System.out.print("\n");
if(req.getHeader(param).equals("access-control-request-headers") ){
System.out.print("\n========================= \n");
System.out.print(req.getHeader(param));
System.out.print("\n========================= \n");
}}}
它像这样发送没有传递值,也是它的请求 type 变成 OPTION 而不是 GET,这里是控制台
host : localhost:8080
connection : keep-alive
accept : */*
access-control-request-method : GET
access-control-request-headers : authorization
origin : null
sec-fetch-mode : cors
sec-fetch-site : cross-site
user-agent : Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
accept-encoding : gzip, deflate, br
accept-language : fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,und;q=0.6
=========================
bearerToken : null
msgaccess-control-allow-credentialsmsg : nullnull
谁能告诉我我怎样才能通过这样的授权:bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYXRlbTEyMyIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfRU1Q'
【问题讨论】:
-
我认为您需要在后端技术中实施所有标头设置。在像 Angular 这样的前端中,您需要传递它们。
-
你在 Spring Security 中启用了 CORS 吗?
标签: angular spring spring-boot jwt authorization