【发布时间】:2019-01-31 11:09:37
【问题描述】:
我正在尝试在 spring mvc 应用程序中添加 OAuth 2.0。用户应该经过身份验证才能获得 api 调用。我在spring mvc控制器中设置了一个标题:
@RequestMapping(value = "/admin-api/get-all-order", method = RequestMethod.GET)
public ResponseEntity getAllOrders(@RequestHeader("Authorization") String bearerToken) {
try {
List<OrderModel> order = orderService.getAllOrders();
return new ResponseEntity(order, HttpStatus.OK);
} catch (HibernateException e) {
return new ResponseEntity(e.getMessage(), HttpStatus.BAD_REQUEST);
}
}
对于请求 api,我使用了 angular 5。我使用 angular 进行 api 调用,例如:
return this.http.get<T>(this.getAllOrderUrl, {
headers: {
"Authorization": "bearer " + JSON.parse(localStorage.getItem("token"))["value"],
"Content-type": "application/json"
}
}).catch(error => {
return this.auth.handleError(error);
})
我已经为“localhost:4200”启用了 CORS。 CORS 过滤适用于其他请求。
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods",
"ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers",
"X-PINGOTHER,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Key");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
【问题讨论】:
-
你在
CorsFilter中的接线如何 -
@shinjw - 对不起,我没有得到你
-
您需要在 WebSecurity 或 ResourceServer 配置器中设置 CorsFilter。您需要发布这些配置
标签: java spring-mvc spring-security oauth-2.0 angular5