Keep HTTP Connection header alive in Angular using Spring Security


I'm trying to convert an AngularJS project to Angular 4. After I log in to the application, I'm facing an issue with keeping the HTTP connection alive.

My request is as follows:

POST /myapp-services/login.html?username=admin&password=admin

In both Angular versions I get 202 as the response code after submitting the login form. I found one major difference regarding the Connection header. In AngularJS there is no Connection: close, but in Angular 4 I found Connection: close. The issue I'm facing is with Angular 4: I'm unable to proceed with subsequent requests in Angular 4, it redirects me to login.html again and again. Basically, I'm trying to log in to the application before making any request to the server. Where is the problem?

I'm using proxy.config in Angular 4:

{
    "/myapp-services":{
        "target":"https://localhost:8443/",
        "secure":false,
        "loglevel":"debug"
    }
}
Below are my response and request headers in both versions.

AngularJS:

General:

Request URL: https://localhost:8443/myapp-services/login.html?username=admin&password=admin
Request Method: POST
Status Code: 200 OK
Remote Address: [::1]:8443
Referrer Policy: no-referrer-when-downgrade

Response Headers:

Access-Control-Allow-Headers: x-requested-with, Content-Type
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Tue, 10 Jul 2018 08:27:03 GMT
Expires: 0
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9A05186F8DF53656747EDFA7567E7A4E; Path=/myapp-services; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Request Headers:

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,hi;q=0.8,es;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Cookie: JSESSIONID=07CB8F42CB8B582768E0813C18AA733F
Host: localhost:8443
Origin: https://localhost:8443
Pragma: no-cache
Referer: https://localhost:8443/myapp-services/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36

Angular 4:

General:

Request URL: http://localhost:4200/myapp-services/login.html?username=admin&password=admin
Request Method: POST
Status Code: 200 OK
Remote Address: 127.0.0.1:4200
Referrer Policy: no-referrer-when-downgrade

Response Headers:

access-control-allow-headers: x-requested-with, Content-Type
access-control-allow-methods: POST, GET, PUT, OPTIONS, DELETE
access-control-allow-origin: *
access-control-max-age: 3600
cache-control: no-cache, no-store, max-age=0, must-revalidate
connection: close
content-length: 0
date: Tue, 10 Jul 2018 08:30:04 GMT
expires: 0
pragma: no-cache
server: Apache-Coyote/1.1
set-cookie: JSESSIONID=02F1318A13C4A08CA3A0D4E9E1816E5A; Path=/myapp-services; Secure; HttpOnly
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
X-Powered-By: Express
x-xss-protection: 1; mode=block

Request Headers:

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,hi;q=0.8,es;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: application/json
Host: localhost:4200
Origin: http://localhost:4200
Pragma: no-cache
Referer: http://localhost:4200/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
X-Requested-With: XMLHttpRequest

In my case it was an SSL configuration issue. My server is HTTPS and I was sending data over HTTP. In this case I had to enable SSL in Angular. Starting the server with ssl true worked for me:

ng serve --proxy-config proxy.config.json --ssl true
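The traces above show why the --ssl flag matters: Tomcat sets JSESSIONID with the Secure attribute, and in the Angular 4 trace the follow-up request carries no Cookie header at all. The added example below (not code from the question or its answers) models the browser rule behind that, namely that a Set-Cookie carrying Secure is ignored when the response arrived over plain http, and replays "log in, then make another request" against the dev server at http://localhost:4200 and at https://localhost:4200. The origins, paths and Set-Cookie value are taken from the question; the follow-up URL /myapp-services/api/data is a hypothetical one.

```typescript
// Added example, not code from the question or its answers: a minimal model of the
// browser cookie rule that explains the Cookie header missing from the Angular 4 trace.
// Assumption: the browser applies "strict secure cookies" (RFC 6265bis), i.e. it ignores a
// Set-Cookie that carries the Secure attribute when the response arrived over plain http.
// Origins, paths and the Set-Cookie value are the ones shown in the question's traces.

interface StoredCookie {
  name: string;
  value: string;
  path: string;
  secure: boolean;
  httpOnly: boolean;
}

function isHttps(url: string): boolean {
  return /^https:/i.test(url);
}

// Path component of an absolute URL, "/" when absent.
function pathOf(url: string): string {
  const m = url.match(/^[a-z]+:\/\/[^\/]+(\/[^?#]*)?/i);
  return m && m[1] ? m[1] : "/";
}

// Parse one Set-Cookie header value into name/value plus the attributes this model needs.
function parseSetCookie(header: string): StoredCookie {
  const parts = header.split(";").map(s => s.trim());
  const pair = parts[0];
  const eq = pair.indexOf("=");
  const cookie: StoredCookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    path: "/",
    secure: false,
    httpOnly: false,
  };
  for (const attr of parts.slice(1)) {
    const kv = attr.split("=");
    const key = kv[0].toLowerCase();
    if (key === "path" && kv[1]) cookie.path = kv[1];
    else if (key === "secure") cookie.secure = true;
    else if (key === "httponly") cookie.httpOnly = true;
  }
  return cookie;
}

// A tiny cookie jar that enforces the Secure attribute on both store and send.
class CookieJar {
  private cookies: StoredCookie[] = [];

  // Returns false when the cookie is rejected because Secure is not satisfied by the
  // URL the response came from (the dev server at http://localhost:4200 in the question).
  store(responseUrl: string, setCookie: string): boolean {
    const c = parseSetCookie(setCookie);
    if (c.secure && !isHttps(responseUrl)) return false;
    this.cookies = this.cookies.filter(x => !(x.name === c.name && x.path === c.path));
    this.cookies.push(c);
    return true;
  }

  // Cookie header for a follow-up request, honouring Path and Secure; null when nothing matches.
  cookieHeader(requestUrl: string): string | null {
    const path = pathOf(requestUrl);
    const matching = this.cookies.filter(
      c => path.indexOf(c.path) === 0 && (!c.secure || isHttps(requestUrl))
    );
    if (matching.length === 0) return null;
    return matching.map(c => `${c.name}=${c.value}`).join("; ");
  }
}

// Replay "login, then a follow-up request" for a given dev-server origin.
function simulateLogin(origin: string): { stored: boolean; cookie: string | null; nextResponse: string } {
  const jar = new CookieJar();
  // Set-Cookie exactly as Tomcat returned it in the question; the proxy forwards it unchanged.
  const setCookie = "JSESSIONID=02F1318A13C4A08CA3A0D4E9E1816E5A; Path=/myapp-services; Secure; HttpOnly";
  const stored = jar.store(`${origin}/myapp-services/login.html`, setCookie);
  const cookie = jar.cookieHeader(`${origin}/myapp-services/api/data`); // hypothetical follow-up URL
  // Without the session cookie Spring Security sees an anonymous request and redirects to the
  // login page again, which is the loop the question describes.
  return { stored, cookie, nextResponse: cookie ? "200 OK" : "302 -> login.html" };
}

console.log("ng serve (http):     ", simulateLogin("http://localhost:4200"));
console.log("ng serve --ssl true: ", simulateLogin("https://localhost:4200"));
```

The point to keep from this: the `secure: false` in proxy.config only relaxes certificate checking between the dev server and Tomcat; it does nothing about the scheme the browser sees. Serving the app over https (or, in a real deployment, behind the same TLS origin as the API) is what lets a Secure session cookie be stored and sent, and the Connection: close the question noticed is a side effect of the proxy, not the cause of the login loop.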

Unrelated to the question, it's recommended not to use username=admin&password=admin in the query string, since this is a security risk. Web server logs usually record the query string, and people can easily find users' passwords from it.

Yes! That's not my current issue. I'll fix it as part of the security vulnerability fix sprint.

Cookie: JSESSIONID=07CB8F42CB8B582768E0813C18AA733F is not present in your Angular 4 request headers. It looks like you're using the Angular dev server at localhost:4200 rather than talking to Tomcat as in the first example. You may have to look at that part.

Yes! That's the issue, but I'm unable to find a solution. Do you mean it would work in production?

I'm not sure your design is right. You shouldn't perform an HTTP GET on login.html with the username and password; instead, you should call the login API from the login component using the Http object.
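To make the two comments about the query string concrete, the added example below (not code from the question or its comments) builds the login request in the shape the question uses and in the body-based shape the last comment recommends, then runs a small check over the access-log line each one would produce. The log line format imitates a Tomcat common-log-format entry and all values are constructed; the parameter names `username` and `password` are the ones Spring Security's form login reads by default.

```typescript
// Added example, not code from the question or its comments: the two login request shapes
// discussed above, and a check showing which one leaves the password in an access log.
// All values are constructed; the log line imitates a Tomcat common-log-format entry.

interface LoginRequest {
  method: string;
  url: string;
  headers: { [name: string]: string };
  body: string | null;
}

// application/x-www-form-urlencoded encoding of a flat parameter map.
function formEncode(params: { [name: string]: string }): string {
  const pairs: string[] = [];
  for (const key in params) {
    if (Object.prototype.hasOwnProperty.call(params, key)) {
      pairs.push(`${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`);
    }
  }
  return pairs.join("&");
}

// The shape used in the question: credentials travel in the query string.
function loginViaQueryString(username: string, password: string): LoginRequest {
  return {
    method: "POST",
    url: `/myapp-services/login.html?${formEncode({ username, password })}`,
    headers: {},
    body: null,
  };
}

// What the last comment recommends: POST the credentials in the request body. Spring
// Security's form login reads the `username` and `password` parameters from such a body.
function loginViaFormBody(username: string, password: string): LoginRequest {
  return {
    method: "POST",
    url: "/myapp-services/login.html",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: formEncode({ username, password }),
  };
}

// What an access log records for a request: the request line only, never the body.
function accessLogLine(req: LoginRequest): string {
  return `127.0.0.1 - - [10/Jul/2018:08:30:04 +0000] "${req.method} ${req.url} HTTP/1.1" 200 0`;
}

// Detection: names of query parameters that should never appear in a URL.
const SENSITIVE_PARAMS = ["password", "passwd", "pwd", "secret", "token"];

// Returns the sensitive parameter names found in the query string of an access-log line.
function findCredentialLeaks(logLine: string): string[] {
  const m = logLine.match(/"[A-Z]+ [^ ?"]*\?([^ "]*) HTTP\//);
  if (!m) return [];
  const leaks: string[] = [];
  for (const pair of m[1].split("&")) {
    const name = decodeURIComponent(pair.split("=")[0]).toLowerCase();
    if (SENSITIVE_PARAMS.indexOf(name) !== -1) leaks.push(name);
  }
  return leaks;
}

const badLine = accessLogLine(loginViaQueryString("admin", "admin"));
const goodLine = accessLogLine(loginViaFormBody("admin", "admin"));
console.log(badLine, "->", findCredentialLeaks(badLine));   // ["password"]
console.log(goodLine, "->", findCredentialLeaks(goodLine)); // []
```

The same scan is useful on real access logs as a quick audit: any hit means a password or token has already been written to disk, which, besides the request change, calls for rotating the affected credential and purging the log entries.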