那些遇到过的问题

通过Javascript发送授权令牌承载

Ron*_*las 10 javascript jquery jwt

我正在尝试通过 Javascript 向 REST 端点发送授权令牌承载,所以我这样做:

$.ajax( {
    url: 'http://localhost:8080/resourceserver/protected-no-scope',
    type: 'GET',
    beforeSend : function( xhr ) {
        xhr.setRequestHeader( "Authorization", "Bearer " + token );
    },
    success: function( response ) {
        console.log(response);
    }
Run Code Online (Sandbox Code Playgroud)

我的端点在 SpringBoot 容器下运行,所以我正在获取 HttpServletRequest 并尝试获取 AUthorization Header 但始终为空:

static Authentication getAuthentication(HttpServletRequest request) {
        String token = request.getHeader(HEADER_STRING);
        //token is always null
...
Run Code Online (Sandbox Code Playgroud)

编辑 1 这是客户端(浏览器

OPTIONS http://localhost:8080/resourceserver/protected-no-scope 403 ()
Failed to load http://localhost:8080/resourceserver/protected-no-scope: Response for preflight has invalid HTTP status code 403.
Run Code Online (Sandbox Code Playgroud)

编辑 2 要在后端启用 CORS,我在 spring 中使用以下注释:

@RestController
@CrossOrigin(origins = "*", maxAge = 3600, allowCredentials = "true", allowedHeaders = "Authorization", methods =
        {RequestMethod.GET, RequestMethod.OPTIONS, RequestMethod.POST})
public class MyResource {
Run Code Online (Sandbox Code Playgroud)

编辑 3 我尝试在过滤器中添加 CORS 但没有成功:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {

        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin"));
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");


        Authentication authentication = TokenAuthenticationService
                .getAuthentication(httpServletRequest);

        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(request, response);
    }
Run Code Online (Sandbox Code Playgroud)

Zoh*_*jaz 21

您可以使用headerskey 添加标题

$.ajax({
   url: 'http://localhost:8080/resourceserver/protected-no-scope',
   type: 'GET',
   contentType: 'application/json'
   headers: {
      'Authorization': 'Bearer <token>'
   },
   success: function (result) {
       // CallBack(result);
   },
   error: function (error) {

   }
});
Run Code Online (Sandbox Code Playgroud)

您需要在后端启用 CORS

/sf/answers/2262420611/

归档时间:

查看次数:

46244 次

最近记录:

7 年,1 月 前
使用jQuery在AJAX请求中添加标头 377
CORS弹簧靴和angularjs无法正常工作 71
更多相关链接
相关归档
如何在Javascript中执行shell命令 108
jQuery改变HTML元素的风格 103
每次打开Chrome DevTools时,如何默认隐藏"控制台抽屉"? 73
如何在IE8中转储JavaScript变量? 70
敲除数据绑定动态生成的元素 46
如何使用jQuery获取数组键? 36
jQuery自动完成:事件选择 25
jqueryui对话框定位 25
如何在Greasemonkey脚本中包含远程javascript文件? 22
在悬停时更改文本,然后返回上一个文本 21
难疑归档
如何强制"git pull"覆盖本地文件? 6654
什么是控制倒置? 1704
根据pandas中列的值从DataFrame中选择行 1649
为什么文本文件以换行符结尾? 1375
如何获取所有Git分支 1371
Git:如何在项目提交历史中找到已删除的文件? 1183
忽略git项目中的任何"bin"目录 1172
你如何重命名Git标签? 1162
简单的面试问题变得更难:给出数字1..100,找到丢失的数字 1115
Visual Studio中的构建解决方案,重建解决方案和清洁解决方案之间的区别? 1081