Angularjs 对Spring rest的安全性登录请求
我是一个新来的春天保安。我对SpringREST的安全性感到困惑,但找不到任何完整的解决方案。我有以下情况: 1) 我已经创建了angular js服务,它对spring rest进行$http调用 2) 我希望spring security截取此url(/login),并相应地返回响应 如果我直接访问url,那么我尝试了什么?它工作正常,它要求输入用户名和密码,输入正确的用户和密码后,我得到了结果,但与我在AngularJs中所做的相同;它给了我以下的错误Angularjs 对Spring rest的安全性登录请求,angularjs,spring,spring-security,spring-rest,Angularjs,Spring,Spring Security,Spring Rest,我是一个新来的春天保安。我对SpringREST的安全性感到困惑,但找不到任何完整的解决方案。我有以下情况: 1) 我已经创建了angular js服务,它对spring rest进行$http调用 2) 我希望spring security截取此url(/login),并相应地返回响应 如果我直接访问url,那么我尝试了什么?它工作正常,它要求输入用户名和密码,输入正确的用户和密码后,我得到了结果,但与我在AngularJs中所做的相同;它给了我以下的错误 angular.js:10514 O
angular.js:10514 OPTIONS http://localhost:8123/SpringMVC/rest/login/ (anonymous function) @ angular.js:10514sendReq @ angular.js:10333serverRequest @ angular.js:10045processQueue @ angular.js:14567(anonymous function) @ angular.js:14583$eval @ angular.js:15846$digest @ angular.js:15657$apply @ angular.js:15951bootstrapApply @ angular.js:1633invoke @ angular.js:4450doBootstrap @ angular.js:1631bootstrap @ angular.js:1651angularInit @ angular.js:1545(anonymous function) @ angular.js:28359trigger @ angular.js:2996eventHandler @ angular.js:3271
localhost/:1 XMLHttpRequest cannot load http://localhost:8111/SpringMVC/rest/categories/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8234' is therefore not allowed access. The response had HTTP status code 401.
请建议如何在fronend中正确配置标头,以及在不同服务器上运行angular和rest应用程序的后端
这在SecurityConfiguration.java中
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
.anyRequest().authenticated();
}
这就是我在入口点所做的:
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
//prevent default behaviour
if (request.getMethod().equals("OPTIONS")) {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
response.addHeader("Access-Control-Max-Age", "3600");
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
}
else
{
System.out.println("hello from server");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
}
尝试添加-
response.setHeader("Access-Control-Request-Headers", "X-Requested-With, Content-Type, Accept");
也更新
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
到
尝试添加-
response.setHeader("Access-Control-Request-Headers", "X-Requested-With, Content-Type, Accept");
也更新
response.addHeader("Access-Control-Allow-Headers",
" Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");
到
谢谢kushagra但问题是一样的,如果我直接访问服务器url,询问用户名和密码,并显示正确的页面,但是从angular我将如何发送用户名和密码来解决它,那么我是否要添加以在angular端添加标题?请求类型为xhr以获取您的信息,我得到的错误是后端代码401中提到的自定义代码。I在angular中配置了正确的标题,其工作现在感谢回复。感谢kushagra,但问题是相同的,如果我直接访问服务器url,询问用户名和密码,并显示正确的页面,但是从angular我将如何发送用户名和密码来解决它,那么我是否要添加以在angular端添加标题?请求类型为xhr以获取您的信息,我得到的错误是后端代码401中提到的自定义代码。I在angular中配置了正确的标题,现在感谢您的回复。