angular - Angular 5发送请求时如何防止Spring安全登录重定向302
问题描述
我总是得到 302 响应而不是 JSON 响应(200 OK),当我尝试使用 Spring Boot JWT 登录时,是否有任何合理的方法可以阻止 Spring Security 在成功身份验证后重定向我的 http 请求,顺便说一句,我正在使用角度 5 HttpClient 向 Spring boot 发送 Http 请求。我已经尝试了网络上的所有解决方案,但不幸的是它们都不起作用!!!
@EnableWebSecurity
public class SecurityTasks extends WebSecurityConfigurerAdapter{
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private BCryptPasswordEncoder bcrypt;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bcrypt);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().antMatchers("/login/**","/register/**","/").permitAll();
http.authorizeRequests().antMatchers(HttpMethod.POST,"/tasks/**").hasAuthority("ADMIN");
http.authorizeRequests().anyRequest().authenticated();
// authenticationManager() will return authentication object
http.addFilter(new JWTAuthenticationFilter(authenticationManager()));
http.addFilterBefore(new JWTAuthorizationFilter(),UsernamePasswordAuthenticationFilter.class);
}
}
JWT授权码:
public class JWTAuthorizationFilter extends OncePerRequestFilter{
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse res, FilterChain filterChain)
throws ServletException, IOException {
res.addHeader("Access-Control-Allow-Origin", "*");
res.addHeader("Access-Control-Allow-Headers",
"Origin,Accept,X-Requested-With,Content-Type,"
+ "Access-Control-Request-Method,"
+ "Acces-Control-Request-Headers,"
+ "Authorization");
res.addHeader("Access-Control-Expose-Headers",
"Access-Control-Allow-Origin,"
+ "Access-Control-Allow-Credentials,Authorization");
if(request.getMethod().equals("OPTIONS")){
res.setStatus(HttpServletResponse.SC_OK);
}
String jwt = request.getHeader(SecurityConstants.HEADER_STRING);
System.out.println("***********c*************"+jwt+"*********************");
if (jwt == null || !jwt.startsWith(SecurityConstants.TOKEN_PREFIX)) {
filterChain.doFilter(request, res); return;
}
Claims claims = Jwts.parser()
.setSigningKey(SecurityConstants.SECRET)
.parseClaimsJws(jwt.replace(SecurityConstants.TOKEN_PREFIX,""))
.getBody();
String username = claims.getSubject();
ArrayList<Map<String,String>> roles = (ArrayList<Map<String,String>>) claims.get("roles");
Collection<GrantedAuthority> authoroties = new ArrayList<>();
roles.forEach(t->{authoroties.add(new SimpleGrantedAuthority(t.get("authority")));});
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username,null,authoroties);
// context security de spring this set will charge utilisateur authentifie
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
filterChain.doFilter(request, res);
}
}
解决方案
推荐阅读
- django - 用等效+装饰子类替换 Django 模型类的正确方法
- java - 读取文件后如何创建队列?
- php - foreach in foreach in if blade php
- php - Issue with defining the path of upload in php
- syntax - is it possible that compiled languages (C#, Java) to benefit indentions as a code block indication like python?
- reactjs - 使用模式框在 React 中编辑项目后重新加载列表 - 将功能从一个组件传递到另一个组件
- python - ValueError: invalid literal for int() with base 10: '40 1 3 4 20\n'
- python - 在 Django 的 ORM 中使用带有 UPDATE 的子查询
- javascript - 对合成 onwheel 事件做出反应的上下文 api 状态不持久
- java - 我不明白为什么这个 Java 问题中变量结果的值不为零