spring社交facebook+;api&x2B;angularjs(如何从angular调用->;spring api->;重定向到facebook登录)
这可能只是angularjs的问题!我对前端和angularjs非常陌生 我有一个angularjs登录服务,它调用url“/signin/facebook/”来登录,似乎后端被正确重定向并调用facebook oauth,但我得到了以下错误 [Angularjs登录服务]spring社交facebook+;api&x2B;angularjs(如何从angular调用->;spring api->;重定向到facebook登录),angularjs,spring-social-facebook,Angularjs,Spring Social Facebook,这可能只是angularjs的问题!我对前端和angularjs非常陌生 我有一个angularjs登录服务,它调用url“/signin/facebook/”来登录,似乎后端被正确重定向并调用facebook oauth,但我得到了以下错误 [Angularjs登录服务] app.factory('fbSigninService', function($http){ return{ fb_signin:function(scope){ var
app.factory('fbSigninService', function($http){
return{
fb_signin:function(scope){
var $promise=$http.post('/signin/facebook/',JSON.stringify(scope));
}
}
});
XMLHttpRequest cannot load https://www.facebook.com/v1.0/dialog/oauth?client_id=xxxxxxxxxxxxxxx&respon…t%3A8080%2Fsignin%2Ffacebook%2F&state=12431991-7555-4ed4-90b9-728e11c721f0. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
https://www.facebook.com/v1.0/dialog/oauth?client_id=xxxxxxxxxxxxxxx&respon…t%3A8080%2Fsignin%2Ffacebook%2F&state=12431991-7555-4ed4-90b9-728e11c721f0
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
Request URL:http://localhost:8080/index.html
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:JSESSIONID=3BA4D9DBF38686F2AA527BF408D28EC1
Host:localhost:8080
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/31.0.1650.63 Chrome/31.0.1650.63 Safari/537.36
Response Headersview source
Access-Control-Allow-Headers:x-requested-with
Access-Control-Allow-Methods:POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin:*
Access-Control-Max-Age:3600
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Length:1839
Content-Type:text/html
Date:Wed, 15 Oct 2014 23:15:01 GMT
Expires:0
Last-Modified:Wed, 08 Oct 2014 22:10:40 GMT
Pragma:no-cache
Server:Apache-Coyote/1.1
X-Application-Context:application
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
我正在使用AdvanceREST客户端调用“/sign/facebook/”,它似乎工作正常 重定向#1 重定向#2 重定向#3
您需要允许向域外发送请求(这是一种由浏览器强制实施的安全机制,默认情况下阻止向外部域地址发送请求) 您可能需要配置一个允许客户端访问Facebook的规则-需要添加到服务器的配置中(而不是在服务器中)
如何修复?- 问题在于跨源请求,而不是身份验证本身。spring社交或安全模块中没有处理facebook或任何其他提供商的特定配置。回答您的一个疑问-是的,后端应该处理所有的舞蹈,除了调用身份验证地址之外,您不必从前端执行任何操作 首先,尝试通过服务器对FacebookAPI进行身份验证,方法是执行与angular客户端相同的调用,但使用高级RESTClient for Chrome。看看结果 然后,我将从您的案例中正确实现CORS过滤器开始。要测试CORS是否至少在某种程度上正常工作,请创建一个控制器来处理POST请求,并从Angular发送一个。先测试它,不要使用Facebook API。如果您无法发送帖子,这意味着您必须在继续使用facebook API进行身份验证之前更改CORS过滤器 如果您的简单POST有效(或者,如果无效),请参阅Tomcat文档,了解Cors过滤器的catalina实现。它们提供了过滤器的示例配置,允许您消除任何cors问题(您可以向cors允许的标题添加一个标题“授权”)
如果以上这些都对你没有帮助,请告诉我。虽然我迟到了,但我认为这在一定程度上会有所帮助 SpringSocialAPI可以直接处理所有这些问题。我创建了一个使用Spring社交和AngularJS的示例应用程序。这是一个非常基本的流程,但可能会有所帮助
查看CORS,浏览器不允许脚本访问其他站点的URL,但允许脚本访问其facebook身份验证?是我做得对还是每个人都必须改变?首先,我不应该从脚本中给facebook打电话。它应该调用同一个主机“/signin/facebook/”,并且后端应该进行facebook身份验证调用。没错,那么一定是出了其他问题。无法确切说出这有限代码中的内容。也许你正试图在某个地方加载该URL,而不是将用户重定向到该URL以便他们登录facebook?XMLHttpRequest明确指出浏览器错误而非后端是否有底线?你找到答案了吗?我有同样的问题:-(由于Spring Social使用带有重定向的Spring MVC进行工作,这似乎是不可能的,但Angular是SPA,它不支持重定向。我想确保facebook身份验证处理正确,你能看到我关于这个问题的更新吗?我正在使用Advance REST客户端调用“/signin/facebook/”,它似乎工作正常。还有http帖子工作也很好。你能告诉我如何使用angularjs来调用auth dance吗?我不使用angular来调用api。就像我说的,它只是一个简单的get(或者在你的例子中应该是一篇文章)。好的,谢谢,我以为你在使用angular。spring social有html调用的演示项目。你能在这里或你的GitHub中放几行吗解决方案是什么?这非常具有挑战性,因为Spring Social使用带重定向的Spring MVC,而Angular是SPA,不支持重定向。RestConnectController的部分是什么?它做什么?和其他控制器?前端(Angular)调用什么?谢谢!
To:https://www.facebook.com/v1.0/dialog/oauth?client_id=273118692865062&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fconnect%2Ffacebook&state=00d8c7ee-e178-4d2b-bc86-500505d5eac2 with status: 302 Show explanation HTTP/1.1 302 Found
Redirection information has not been cached.
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: x-requested-with
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
X-Application-Context: application
Location: https://www.facebook.com/v1.0/dialog/oauth?client_id=273118692865062&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fconnect%2Ffacebook&state=00d8c7ee-e178-4d2b-bc86-500505d5eac2
Content-Language: en-US
Content-Length: 0
Date: Thu, 16 Oct 2014 21:50:21 GMT
To:http://localhost:8080/connect/facebook?code=AQCq9wnl_LeecAuWkR0D2252YZICiuWiaFeSUqISaUzQ7vfHHWI1sMsqSWO5kpgUQG0URi5NI52UX3zBpKTwj7rnnzQKOnxjUbyxwN-Z3a3rt1G3P84ONaCrsUO-LuM0_bpvROzWzno0pK9_lf-KI5JhqBvWWRGuWGEKz1FKl816rbrEP_nmh97BBM5oW3IYbvjuhKSghINp2ilADgLabMFTC76zN41HRjWE7X1bXGLaXY3EtQG61R5FGo7QV-W9iWtH3PCZw4gP_DByiDdUrObo1OsECWSkdh6q7a-EsuJ_QZe5zqQJbhEf2GHal5AC9YU&state=00d8c7ee-e178-4d2b-bc86-500505d5eac2#_=_ with status: 302 Show explanation HTTP/1.1 302 forced.302
Redirection information has not been cached.
status: 302 forced.302
version: HTTP/1.1
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src *;script-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' https://*.akamaihd.net http://*.akamaihd.net *.atlassolutions.com chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl;style-src * 'unsafe-inline';connect-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.spotilocal.com:* https://*.akamaihd.net wss://*.facebook.com:* ws://*.facebook.com:* http://*.akamaihd.net https://fb.scanandcleanlocal.com:* *.atlassolutions.com http://attachment.fbsbx.com https://attachment.fbsbx.com;
content-type: text/html; charset=utf-8
date: Thu, 16 Oct 2014 21:50:21 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v1.0
location: http://localhost:8080/connect/facebook?code=AQCq9wnl_LeecAuWkR0D2252YZICiuWiaFeSUqISaUzQ7vfHHWI1sMsqSWO5kpgUQG0URi5NI52UX3zBpKTwj7rnnzQKOnxjUbyxwN-Z3a3rt1G3P84ONaCrsUO-LuM0_bpvROzWzno0pK9_lf-KI5JhqBvWWRGuWGEKz1FKl816rbrEP_nmh97BBM5oW3IYbvjuhKSghINp2ilADgLabMFTC76zN41HRjWE7X1bXGLaXY3EtQG61R5FGo7QV-W9iWtH3PCZw4gP_DByiDdUrObo1OsECWSkdh6q7a-EsuJ_QZe5zqQJbhEf2GHal5AC9YU&state=00d8c7ee-e178-4d2b-bc86-500505d5eac2#_=_
pragma: no-cache
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
x-fb-debug: ESLliRqmaFv9DBXraKZN4X3FRH36D8lnMegz7e9Udqv5aECkJwU7DiWbQ+g+d9X4G+30cP27b3nCs9BsDIlM6w==
x-frame-options: DENY
x-xss-protection: 0
To:http://localhost:8080/connect/facebook#_=_ with status: 302 Show explanation HTTP/1.1 302 Found
Redirection information has not been cached.
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: x-requested-with
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
X-Application-Context: application
Location: http://localhost:8080/connect/facebook
Content-Language: en-US
Content-Length: 0
Date: Thu, 16 Oct 2014 21:50:21 GMT