Http 应该使用什么授权头类型来发送新的JWT身份验证令牌?
我正在构建一个RESTful API,并使用JWTs进行身份验证。我需要偶尔发送回身份验证令牌,并且我希望避免在JSON中来回发送JWT。我宁愿让前端通过头进行协商授权,以避免使我的请求变得混乱 当前端发送令牌时,类型为Http 应该使用什么授权头类型来发送新的JWT身份验证令牌?,http,authentication,types,header,authorization,Http,Authentication,Types,Header,Authorization,我正在构建一个RESTful API,并使用JWTs进行身份验证。我需要偶尔发送回身份验证令牌,并且我希望避免在JSON中来回发送JWT。我宁愿让前端通过头进行协商授权,以避免使我的请求变得混乱 当前端发送令牌时,类型为承载 Authorization: Bearer [JWT Token] 但是当服务器向客户端提供令牌时,我似乎找不到服务器的类型 Authorization: [What Goes Here?] [JWT Token] 该头的类型应该是什么?您需要创建一个自定义的angul
承载Authorization: Bearer [JWT Token]
Authorization: [What Goes Here?] [JWT Token]
该头的类型应该是什么?您需要创建一个自定义的angular http服务,在每个请求上注入jwt令牌 像这样的
import {
Http,
ConnectionBackend,
Headers,
Request,
RequestOptions,
RequestOptionsArgs,
Response,
RequestMethod,
} from '@angular/http';
import { Observable } from 'rxjs/Observable';
import { ErrorObservable } from 'rxjs/observable/ErrorObservable';
import { SecurityService } from './security.service';
import { CookieService } from '../cookie';
/**
* Custom Http client that handles conversions to json, adds CSRF token, and jwt token and redirects to signin if token is missing
*/
export class SecureHttp extends Http {
constructor(
backend: ConnectionBackend,
defaultOptions: RequestOptions,
private securityService: SecurityService,
private cookieService: CookieService
) {
super(backend, defaultOptions);
}
request(url: string | Request, options?: RequestOptionsArgs): Observable<any> {
if (typeof url === 'string') {
return this.get(url, options); // Recursion: transform url from String to Request
}
return this.sendRequest(url, options);
}
get(url: string, options?: RequestOptionsArgs): Observable<any> {
return this.sendRequest({ method: RequestMethod.Get, url: url, body: '' }, options);
}
post(url: string, body: string, options?: RequestOptionsArgs): Observable<any> {
return this.sendRequest({ method: RequestMethod.Post, url: url, body: body }, options);
}
put(url: string, body: string, options?: RequestOptionsArgs): Observable<any> {
return this.sendRequest({ method: RequestMethod.Put, url: url, body: body }, options);
}
delete(url: string, options?: RequestOptionsArgs): Observable<any> {
return this.sendRequest({ method: RequestMethod.Delete, url: url, body: '' }, options);
}
patch(url: string, body: string, options?: RequestOptionsArgs): Observable<any> {
return this.sendRequest({ method: RequestMethod.Patch, url: url, body: body }, options);
}
head(url: string, options?: RequestOptionsArgs): Observable<any> {
return this.sendRequest({ method: RequestMethod.Head, url: url, body: '' }, options);
}
private sendRequest(requestOptionsArgs: RequestOptionsArgs, options?: RequestOptionsArgs): Observable<any> {
let requestOptions = new RequestOptions(requestOptionsArgs);
// Convert body to stringified json if it's not a string already
if (typeof requestOptions.body === 'string') {
requestOptions.body = JSON.stringify(requestOptions.body);
}
// Get xsrf token from spring security cookie
const csrfToken: string = this.cookieService.get('XSRF-TOKEN');
let baseOptions: RequestOptions = new RequestOptions({
headers: new Headers({
'Content-Type': 'application/json',
'X-Requested-With': 'XMLHttpRequest',
'X-XSRF-TOKEN': csrfToken
})
});
// securityService.accessToken returns an Observable with a JWT token
return this.securityService.accessToken$.mergeMap(token => {
// If there is a token we add it to the baseOptions
if (token) {
baseOptions.headers.set('Authorization', 'Bearer ' + token);
}
// We create a request from the passed in method, url, body and merge our base options in there
let request = new Request(baseOptions.merge(requestOptions));
return super.request(request, options)
.map(res => res.json())
.catch(this.errorHandler);
});
}
private errorHandler(errorResponse: Response): Observable<any> | ErrorObservable<any> {
if (errorResponse.status === 401) {
console.log('redirecting to login');
window.location.href = '/login';
return Observable.empty();
}
console.error(errorResponse);
return Observable.throw(errorResponse.text().length > 0 ? errorResponse.json() : { status: 'error' });
}
}
导入{
Http,,
连接后端,
标题,
要求
请求选项,
请求选项参数,
答复,,
请求方法,
}来自“@angular/http”;
从“rxjs/Observable”导入{Observable};
从“rxjs/observable/ErrorObservable”导入{ErrorObservable};
从“./security.service”导入{SecurityService};
从“../cookie”导入{CookieService};
/**
*自定义Http客户端,处理到json的转换,添加CSRF令牌和jwt令牌,并在缺少令牌时重定向到signin
*/
导出类SecureHttp扩展了Http{
建造师(
后端:ConnectionBackend,
defaultOptions:RequestOptions,
私人安全服务:安全服务,
私人厨师服务:厨师服务
) {
超级(后端,默认选项);
}
请求(url:string |请求,选项?:RequestOptionsArgs):可观察{
如果(url的类型=='string'){
返回此.get(url,选项);//递归:将url从字符串转换为请求
}
返回此.sendRequest(url、选项);
}
获取(url:string,options?:RequestOptionsArgs):可观察{
返回此.sendRequest({method:RequestMethod.Get,url:url,正文:“”,选项);
}
post(url:string,body:string,options?:RequestOptionsArgs):可观察{
返回this.sendRequest({method:RequestMethod.Post,url:url,body:body},options);
}
put(url:string,body:string,options?:RequestOptionsArgs):可观察{
返回this.sendRequest({method:RequestMethod.Put,url:url,body:body},options);
}
删除(url:string,options?:RequestOptionsArgs):可观察{
返回此.sendRequest({method:RequestMethod.Delete,url:url,正文:'},选项);
}
补丁(url:string,body:string,options?:RequestOptionsArgs):可观察{
返回this.sendRequest({method:RequestMethod.Patch,url:url,body:body},options);
}
head(url:string,options?:RequestOptionsArgs):可观察{
返回此.sendRequest({method:RequestMethod.Head,url:url,body:'},选项);
}
私有sendRequest(RequestOptions参数:RequestOptions参数,选项?:RequestOptions参数):可观察{
让requestOptions=newrequestoptions(requestOptionsArgs);
//如果正文不是字符串,则将其转换为字符串化json
if(typeof requestOptions.body=='string'){
requestOptions.body=JSON.stringify(requestOptions.body);
}
//从spring安全cookie获取xsrf令牌
const csrfToken:string=this.cookieService.get('XSRF-TOKEN');
let baseOptions:RequestOptions=newrequestoptions({
标题:新标题({
“内容类型”:“应用程序/json”,
“X-request-With':“XMLHttpRequest”,
“X-XSRF-TOKEN”:csrfToken
})
});
//securityService.accessToken返回一个带有JWT令牌的可观察对象
返回此.securityService.accessToken$.mergeMap(令牌=>{
//如果有令牌,我们将其添加到baseOptions
如果(令牌){
baseOptions.headers.set('Authorization'、'Bearer'+令牌);
}
//我们从传入的方法、url和body创建一个请求,并在其中合并我们的基本选项
let request=新请求(baseOptions.merge(requestOptions));
返回超级请求(请求,选项)
.map(res=>res.json())
.catch(this.errorHandler);
});
}
私有errorHandler(errorResponse:Response):可观察的|可观察的errorHandler{
if(errorResponse.status==401){
log(“重定向到登录”);
window.location.href='/login';
return-Observable.empty();
}
控制台错误(错误响应);
返回Observable.throw(errorResponse.text().length>0?errorResponse.json():{status:'error'});
}
}