【发布时间】:2019-07-20 20:54:25
【问题描述】:
不知道怎么回事,网上到处查了一下,好像和我的一样,但是遇到了这个问题:
我正在使用带有 Angular 拦截器的 HttpClient 请求我的 Angular 应用程序来 setHeader,因为我的 Java Rest API 正在使用 JWT 进行身份验证,并且在标头中需要一个令牌,因此它将获取并验证用户请求,因为 Angular 拦截器不工作适当地。我在 Java 端获取 null 作为令牌并出现错误。请帮我解决这个问题。
最后我发现它可能是弹簧安全问题,因为我调试并发现选项请求所有过滤器并且它没有标头,因此它显示令牌并抛出异常 如果选项方法请求绕过并允许那么可能是我的问题将解决
Spring boot 安全配置
package com.techprimers.security.jwtsecurity.config;
import com.techprimers.security.jwtsecurity.security.JwtAuthenticationEntryPoint;
import com.techprimers.security.jwtsecurity.security.JwtAuthenticationProvider;
import com.techprimers.security.jwtsecurity.security.JwtAuthenticationTokenFilter;
import com.techprimers.security.jwtsecurity.security.JwtSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import java.util.Collections;
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Configuration
public class JwtSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationProvider authenticationProvider;
@Autowired
private JwtAuthenticationEntryPoint entryPoint;
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(Collections.singletonList(authenticationProvider));
}
@Bean
public JwtAuthenticationTokenFilter authenticationTokenFilter() {
JwtAuthenticationTokenFilter filter = new JwtAuthenticationTokenFilter();
filter.setAuthenticationManager(authenticationManager());
filter.setAuthenticationSuccessHandler(new JwtSuccessHandler());
return filter;
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests().antMatchers("**/rest/**").authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(entryPoint)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(authenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
http.headers().cacheControl();
}
}
Angular 拦截器代码
import { Injectable } from '@angular/core';
import { HttpRequest, HttpHandler, HttpEvent, HttpInterceptor } from '@angular/common/http';
import { Observable } from 'rxjs';
@Injectable()
export class JwtInterceptor implements HttpInterceptor {
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
// add authorization header with jwt token if available
console.log("i am inside");
request = request.clone({
setHeaders: {
Accept: 'application/json',
Authorization: `Bearer ${localStorage.getItem('token')}`
}
});
return next.handle(request);
}
}
Angular 服务
import { Injectable } from '@angular/core';
import { HttpClient } from '@angular/common/http';
import { Observable } from 'rxjs';
@Injectable({
providedIn: 'root'
})
export class ServiceService {
constructor(private http: HttpClient) { }
api_user_url = 'http://localhost:8095';
getAllApiUsers(): Observable<any> {
return this.http.get(this.api_user_url + "/allUser");
}
setUserLogin(obj):Observable<any>{
return this.http.post(this.api_user_url +"/login", obj);
}
}
调用算法
public getAllUserList() {
console.log("I am calling");
this.service.getAllApiUsers()
.subscribe(data => {
this.alluser = data;
console.log(data);
})
}
浏览器网络
令牌的本地存储
浏览器控制台错误消息
Spring Boot Java 控制台错误
【问题讨论】:
-
令牌在本地存储中是否正确可用?
-
你在哪里注册 JwtInterceptor?它应该在 app.module.ts 中注册。也将主模块定义添加到您的问题中。你有cors的问题,也许你应该先处理它?
-
@KrzysztofRaciniewski 可能是你问这个问题----- 提供者:[ServiceService,{提供:HTTP_INTERCEPTORS,useClass:JwtInterceptor,多:真}],
-
您在问题中分享的网络截图显示您的方法是
OPTION。关于OPTION方法,请访问此link,但根据您的控制台,您需要先解决cors问题。 -
对于 cors 问题,尝试使用 http.cors 而不是 @CrossOrigin(origins = "*")。确保使用开发人员工具网络设置您的授权。不记名和令牌在您的屏幕截图中不可见。而且我还看到您使用密钥“令牌”在本地存储中获取令牌,但密钥“当前用户”在本地存储中。并且将您的 authenticationFilter 实现也可能有所帮助!
标签: angular spring typescript spring-boot spring-security