angular - Spring:授权标头通过 Angular 应用程序始终为空
问题描述
我正在使用Spring和Angular构建应用程序,现在,我正在尝试使用Spring 安全性和(JWT)
实现安全阶段
问题是,当我从Angular发送Authorization 标头时, Spring 没有收到它!
即使我确定它已经在请求中(来自 chrome 开发工具)。此外,当我从ARC(来自 chrome 的高级 REST 客户端)
发送具有相同标头的相同请求时,spring 接收它并返回数据!
在 Angular 方面,我当然使用了将令牌添加到请求中,如下所示:HttpInterceptor
export class HttpInterceptorService implements HttpInterceptor{
private _api = `${environment.api}/api`;
constructor(
private _authService: AuthenticationService
) { }
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>>{
if(req.url.startsWith(this._api)){
req = req.clone({
setHeaders: {
Authorization: `Bearer ${this._authService.getToken()}`
}
});
}
return next.handle(req);
}
}
这就是我在春天做的事情:
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
@Autowired
private JwtUserDetailsService jwtUserDetailsService;
@Autowired
private JwtTokenUtil jwtTokenUtil;
private List<String> excludedURLsPattern = Arrays.asList(new String[]{"/authenticate"});
@Override
protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
return excludedURLsPattern
.stream()
.anyMatch(urlPattern -> request.getRequestURL().toString().contains(urlPattern));
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
System.out.println("=== request URL: "+request.getRequestURL());
final String requestTokenHeader = request.getHeader("Authorization");
System.out.println("=== requestTokenHeader: "+requestTokenHeader);// in this line I always get null (when using Angular not ARC) !!
String username = null;
String jwtToken = null;
// JWT Token is in the form "Bearer token". Remove Bearer word and get
// only the Token
if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
jwtToken = requestTokenHeader.substring(7);
try {
username = jwtTokenUtil.getUsernameFromToken(jwtToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has expired");
}
} else {
logger.warn("JWT Token does not begin with Bearer String");
}
// Once we get the token validate it.
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.jwtUserDetailsService.loadUserByUsername(username);
// if token is valid configure Spring Security to manually set
// authentication
if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
// After setting the Authentication in the context, we specify
// that the current user is authenticated. So it passes the
// Spring Security Configurations successfully.
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
chain.doFilter(request, response);
}
}
这是我得到的信息:
2020-10-14 15:11:17.664 WARN 9856 --- [nio-5000-exec-1] c.s.c.security.config.JwtRequestFilter : JWT Token does not begin with Bearer String
解决方案
好的,如果有人需要,我会将解决方案留在这里。
如本博客所述,由于我使用的是Sring Security ,我必须在 Spring 安全级别启用CORS
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()...// this one right here
}
}