我有一个由AngularJs构建的Web应用程序和一个由Spring构建的后端应用程序,我正在使用JWT来保护我的应用程序. 使用Get方法,一切正常,在后端级别,我得到了期望的承载令牌,因此我可以返回私有信息.但是使用POST方法时,不发送承载令牌. 我不知道这是后端层还是前端层的问题. 这里您有我的代码:
I have a web app built by AngularJs and a backend app built by Spring and I'm using JWT to secure my app. With Get method everything is ok, at the backend level I get the bearer token I'm expecting so I can return private information. But with POST method the bearer token is not sent. I don't know if this is an issue from backend or frontend layer. here you have my code:
AngularJS
AngularJS
$http({ method: 'POST', url: SessionService.apiUrl + '/category/create', headers: { 'Accept': 'application/json','Content-Type': 'application/json; charset=UTF-8;', 'Authorization': 'Bearer ' + SessionService.getToken() }, data: params })对于GET方法,我具有完全相同的功能(没有参数,并且具有GET方法),并且可以正常工作.
For GET method I have exactly the same (without params and with method GET) and it is working.
在后端:
@RequestMapping(value = "/category/create", method = RequestMethod.POST) public @ResponseBody Response add(@RequestBody CategoryBO request) { ... }并通过以下方式使用io.jsonwebtoken库获取Authorization标头:
And to get the Authorization header I'm using io.jsonwebtoken library in the following way:
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { String authorizationHeader = request.getHeader("authorization");使用Postman,后端工作正常,但使用angularjs则不能.
Using Postman the backend is working well, but with angularjs is not.
GET-请求标头:
Accept:application/json, text/plain, */* Accept-Encoding:gzip, deflate, sdch Accept-Language:es-ES,es;q=0.8,en;q=0.6,pt;q=0.4 Authorization:Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJmYWJpYW4uYW5nZWxvbmkiLCJyb2xlcyI6IkFETUlOIiwiaWF0IjoxNDU5MDE5MTg0fQ.QAPZDbyavambfdK9LJUQWyzSRAuELvg_IGTjFdsm6cc Connection:keep-alive Host:localhost:8080 Origin:localhost:3000 Referer:localhost:3000/ User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36POST-请求标头
Accept:*/* Accept-Encoding:gzip, deflate, sdch Accept-Language:es-ES,es;q=0.8,en;q=0.6,pt;q=0.4 Access-Control-Request-Headers:accept, authorization, content-type Access-Control-Request-Method:POST Connection:keep-alive Host:localhost:8080 Origin:localhost:3000 Referer:localhost:3000/ User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36推荐答案
我遇到了类似的问题,然后我意识到前端在实际执行HTTP.OPTIONS请求之前触发了预检请求. 在此处了解更多信息
I had a similar issue and then i realized that the frontend trigger a preflight request before the actual doing a HTTP.OPTIONS request. More info here
此类请求将没有授权令牌,因此对控制器的访问将失败.最自然的解决方案是通过让所有OPTIONS请求通过来设置应用程序的安全性.
Such request will not have the Authorization token and hence the access to the controller will fail.The most natural solution so, will be to set the security of your application by letting pass all the OPTIONS requests.
可以做到
- 将配置设置为您可以在此处看到
- 将您的应用程序必定具有的CorsFilter设置为您可以在此处看到
- Setting the configuration, as you can see here
- Setting the CorsFilter that your application will surely have as you can see here
希望有帮助
更多推荐
Angular.js Post不向Spring JWT发送标头
发布评论