Java Angular 2中使用服务JAX-RS的授权标头
我使用angular 5作为前端,使用java和jersey作为后端来制作um应用程序。当我尝试使用前端服务器时,我遇到了身份验证问题。这是客户端应用程序的代码:Java Angular 2中使用服务JAX-RS的授权标头,java,angular,authentication,oauth,jax-rs,Java,Angular,Authentication,Oauth,Jax Rs,我使用angular 5作为前端,使用java和jersey作为后端来制作um应用程序。当我尝试使用前端服务器时,我遇到了身份验证问题。这是客户端应用程序的代码: const headers = { 'Content-Type': 'application/json', 'Authorization': this.auth.token }; return this.http.get(this.url, { headers: headers, withCredentials: true
const headers = {
'Content-Type': 'application/json',
'Authorization': this.auth.token
};
return this.http.get(this.url, { headers: headers, withCredentials: true })
.toPromise()
.then(this.extractData)
.catch(this.handleErrorPromise);
连接:保持活动状态
pragma:没有缓存
缓存控制:无缓存
访问控制请求方法:获取
来源:
用户代理:Mozilla/5.0(Windows NT 6.1;Win64;x64)AppleWebKit/537.36(KHTML,类似Gecko)Chrome/66.0.3359.181 Safari/537.36
访问控制请求头:授权、内容类型
接受:*/*
接受编码:gzip,放气
接受语言:pt BR,pt;q=0.9,在美国;q=0.8,en;q=0.7
然后我找不到验证的“授权”,有人可以说我哪里出了问题 遵循服务器端的验证代码:
String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
Autenticador autenticacao = new Autenticador();
String token;
extrairHeader(requestContext);
if (authorizationHeader != null && authorizationHeader.contains("Bearer ")) {
token = authorizationHeader.substring("Bearer ".length()).trim();
Key key = new KeyGenerator().generateKey();
return autenticacao.tokenValido(token, key);
} else {
return false;
}
这不是实际的请求,而是请求。您可以通过请求中包含的以下标题进行判断:
@Provider
@Priority(Priorities.HEADER_DECORATOR)
@WebFilter(filterName = "AddHeaderFilter", urlPatterns = {"/*"})
public class CORSFilter implements Filter {
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse resp = (HttpServletResponse) servletResponse;
resp.addHeader("Access-Control-Allow-Origin", "*");
resp.addHeader("Access-Control-Allow-Methods", "GET,POST");
resp.addHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
// Just ACCEPT and REPLY OK if OPTIONS
if (request.getMethod().equals("OPTIONS")) {
resp.setStatus(HttpServletResponse.SC_OK);
return;
}
chain.doFilter(request, servletResponse);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
origin访问控制请求方法访问控制请求标题
有关完整的解释以及如何使用JAX-RS过滤器解决此问题,请看一看。我不知道这是否是更好的解决方案,但工作原理如下: 我在服务器端创建了一个新类来验证请求:
@Provider
@Priority(Priorities.HEADER_DECORATOR)
@WebFilter(filterName = "AddHeaderFilter", urlPatterns = {"/*"})
public class CORSFilter implements Filter {
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse resp = (HttpServletResponse) servletResponse;
resp.addHeader("Access-Control-Allow-Origin", "*");
resp.addHeader("Access-Control-Allow-Methods", "GET,POST");
resp.addHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
// Just ACCEPT and REPLY OK if OPTIONS
if (request.getMethod().equals("OPTIONS")) {
resp.setStatus(HttpServletResponse.SC_OK);
return;
}
chain.doFilter(request, servletResponse);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}