相关疑难解决方法(0)

我试图在另一个应用程序(spring-boot应用程序)上调用REST端点(angularjs).应用程序在以下主机和端口上运行.

• REST应用程序,使用spring boot, http://localhost:8080
• HTML应用程序,使用angularjs, http://localhost:50029

我也在使用spring-securityspring-boot应用程序.从HTML应用程序,我可以对REST应用程序进行身份验证,但此后,我仍然无法访问任何REST端点.例如,我有一个如下定义的angularjs服务.

adminServices.factory('AdminService', ['$resource', '$http', 'conf', function($resource, $http, conf) {
    var s = {};
    s.isAdminLoggedIn = function(data) {
        return $http({
            method: 'GET',
            url: 'http://localhost:8080/api/admin/isloggedin',
            withCredentials: true,
            headers: {
                'X-Requested-With': 'XMLHttpRequest'
            }
        });
    };
    s.login = function(username, password) {
        var u = 'username=' + encodeURI(username);
        var p = 'password=' + encodeURI(password);
        var r = 'remember_me=1';
        var data = u + '&' + p + '&' + r;

        return $http({
            method: 'POST',
            url: 'http://localhost:8080/login',
            data: …

所以我从Dave Syer的这个例子中得到了以下授权服务器

@SpringBootApplication
public class AuthserverApplication {

    public static void main(String[] args) {
            SpringApplication.run(AuthserverApplication.class, args);
    }

    /* added later
    @Configuration
    @Order(Ordered.HIGHEST_PRECEDENCE)
    protected static class MyWebSecurity extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http //.csrf().disable() 
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll();
       }
    }*/

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2AuthorizationConfig extends
                    AuthorizationServerConfigurerAdapter {

            @Autowired
            private AuthenticationManager authenticationManager;

            @Bean
            public JwtAccessTokenConverter jwtAccessTokenConverter() {
                    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
                    KeyPair keyPair = new KeyStoreKeyFactory(
                                    new ClassPathResource("keystore.jks"), "foobar".toCharArray())
                                    .getKeyPair("test");
                    converter.setKeyPair(keyPair);
                    return converter; …

我正在尝试使用Angular2连接/对API执行POST请求,这是一个带有基本身份验证密码的非常简单的API.在api上禁用密码时,一切都按预期工作.但是当我启用基本身份验证时,Angular无法再连接到API.在邮递员一切正常.我尝试了以下但没有成功.

我有两个标题"Content-Type"和"Authorization"

headers.append("Content-Type", "application/x-www-form-urlencoded");

我试过这两个标题.

headers.append("Authorization", "Basic " + btoa(Username + ":" + Password)); 
headers.append("Authorization", "Basic VXNlcm5hbWU6UGFzc3dvcmQ=");

我唯一能找到的是,在RAW请求标头中只有一行包含标题名称,但缺少值:

Access-Control-Request-Headers: authorization, content-type

原始标题:

#Request Headers
OPTIONS /shipment HTTP/1.1
Host: api.example.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:4200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Access-Control-Request-Headers: authorization, content-type
Accept: */*
Referer: http://localhost:4200/address
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,nl;q=0.6

希望有人能提供帮助

最近我在我的Springboot和基于Angualr2的应用程序中引入了JWT身份验证.在那里我尝试通过在我的Angualr代码中传递如下的JWT令牌来执行POST请求

save(jobId: number, taskId: number, note: Note) {

   return this.http.post(environment.APIENDPOINT + '/jobs/' + jobId + '/tasks/' + taskId + '/notes', note, this.setHeaders()).map((response: Response) => response.json());

}

private setHeaders() {
        // create authorization header with jwt token
        let currentUser = JSON.parse(localStorage.getItem('currentUser'));
        console.log("Current token---"+ currentUser.token);
        if (currentUser && currentUser.token) {

  let headers = new Headers();
  headers.append('Content-Type', 'application/json');
  headers.append('authorization','Bearer '+ currentUser.token);
            
   let r = new RequestOptions({ headers: headers })
   return r;

        }
    }

但是在服务器端它返回状态代码401.问题是在Springboot端它检查授权头如下,它返回null

String authToken = request.getHeader("authorization ");

然后,我查看了请求标头,并在Access-Control-Request-Headers下具有授权标头,如下所示.但它对服务器端是不可见的.

然后我进一步阅读并发现这可能是CORS配置的问题.所以我修改了我的CORS配置过滤器以使addExposedHeader如下所示

@Bean
public …

我在查询我的oauth/token端点时遇到错误.

我已经为我的资源配置了cors,并且还试图允许所有资源,但没有任何工作.

XMLHttpRequest无法加载http:// localhost:8080/oauth/token.对预检请求的响应未通过访问控制检查:请求的资源上不存在"Access-Control-Allow-Origin"标头.原产地" 的http://本地主机:1111 "因此不允许访问.响应具有HTTP状态代码401.

vendor.js:1837 ERROR SyntaxError: Unexpected token u in JSON at position 0
    at JSON.parse (<anonymous>)
    at CatchSubscriber.selector (app.js:7000)
    at CatchSubscriber.error (vendor.js:36672)
    at MapSubscriber.Subscriber._error (vendor.js:282)
    at MapSubscriber.Subscriber.error (vendor.js:256)
    at XMLHttpRequest.onError (vendor.js:25571)
    at ZoneDelegate.invokeTask (polyfills.js:15307)
    at Object.onInvokeTask (vendor.js:4893)
    at ZoneDelegate.invokeTask (polyfills.js:15306)
    at Zone.runTask (polyfills.js:15074)
defaultErrorLogger @ vendor.js:1837
ErrorHandler.handleError @ vendor.js:1897
next @ vendor.js:5531
schedulerFn @ vendor.js:4604
SafeSubscriber.__tryOrUnsub @ vendor.js:392
SafeSubscriber.next @ vendor.js:339
Subscriber._next @ vendor.js:279
Subscriber.next @ vendor.js:243
Subject.next @ vendor.js:14989
EventEmitter.emit @ vendor.js:4590
NgZone.triggerError …