Java 通过ajax从具有不同端口的域进行Spring安全登录
我正在开发一个web服务,包括三个带有spring boot的web服务器:
1.本地主机:8080-ui
2.本地主机:9999-uaa(authserver)
3.本地主机:9000-resource
我以这个示例存储库为基础进行了修改:改用 UserDetailsService,并为登录过程使用自定义的 authenticationSuccessHandler/authenticationFailureHandler。
我希望登录页面位于 localhost:8080,并通过 ajax/angularjs 请求向 localhost:9999 登录。请求本身可以正常工作,但响应头中没有 uaa 服务器发出的 jsessionid,因此我无法发出任何需要认证的请求。
如何修改 authserver,使其将 jsessionid 作为 cookie 发送回 ui 服务器?
这是直接使用 authserver 上的模板(如示例存储库)发出请求时的响应头:
这是通过 localhost:8080 向 authserver 发出请求时的响应头:
源代码:
- Authserver(本地主机:9999)
- ui服务器(本地主机:8080)
application.yml
# application.yml of the UI server (port 8080) as listed on the page.
# Indentation was lost in this listing, so the nesting of the keys is not
# visible here; restore it before using the file.
server:
port: 8080
# NOTE(review): debug output is a development aid — confirm it is switched off
# outside local testing.
debug: true
spring:
aop:
proxy-target-class: true
security:
user:
# NOTE(review): presumably a placeholder carried over from the sample project —
# confirm no default account can actually log in with it.
password: none
oauth2:
client:
# Both OAuth2 endpoints are plain http on localhost. The client secret and the
# issued tokens travel over these URLs, so anything beyond a local setup needs TLS.
accessTokenUri: http://localhost:9999/uaa/oauth/token
userAuthorizationUri: http://localhost:9999/uaa/oauth/authorize
clientId: acme
# NOTE(review): client secret stored in clear text in the config file; supply it
# from the environment or a secret store before this leaves a demo setting.
clientSecret: acmesecret
resource:
jwt:
# PEM-encoded public key; presumably used to verify JWT signatures issued by
# the auth server (public material, not a secret) — confirm against the authserver.
keyValue: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGp/Q5lh0P8nPL21oMMrt2RrkT9AW5jgYwLfSUnJVc9G6uR3cXRRDCjHqWU5WYwivcF180A6CWp/ireQFFBNowgc5XaA0kPpzEtgsA5YsNX7iSnUibB004iBTfU9hZ2Rbsc8cWqynT0RyN4TP1RYVSeVKvMQk4GT1r7JCEC+TNu1ELmbNwMQyzKjsfBXyIOCFU/E94ktvsTZUHF4Oq44DBylCDsS1k7/sfZC2G5EU7Oz0mhG8+Uz6MSEQHtoIi6mc8u64Rwi3Z3tscuWG2ShtsUFuNSAFNkY7LkLn+/hxLCu2bNISMaESa8dG22CIMuIeRLVcAmEWEWH5EEforTg+QIDAQAB
-----END PUBLIC KEY-----
# Zuul routes: requests to /resource/** and /uaa/** on the UI origin are
# forwarded to the resource server (9000) and the auth server (9999).
# NOTE(review): Zuul's default sensitive-header list (`sensitiveHeaders`) covers
# Cookie, Set-Cookie and Authorization, which are then not passed through the
# proxy. That would be consistent with the missing JSESSIONID described on the
# page — verify against the Zuul version in use. If the list is relaxed, do it
# on the single route that needs it rather than globally.
zuul:
routes:
resource:
path: /resource/**
url: http://localhost:9000/resource
user:
path: /uaa/**
url: http://localhost:9999/uaa
logging:
level:
# NOTE(review): DEBUG logging for Spring Security may write request details such
# as headers and session identifiers to the log; keep it to development.
org.springframework.security: DEBUG
签名
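'use strict';

/**
 * Login controller for the `loginUser` module.
 *
 * Exposes `$scope.login`, which posts the username and password held in
 * `$scope.user` as an application/x-www-form-urlencoded body to `/uaa/login`
 * and logs the outcome to the console.
 *
 * The URL is relative, so the browser sends the request to the origin that
 * served this page; reaching the auth server therefore depends on a proxy
 * route for /uaa/** on that origin (see the application.yml on the page).
 *
 * Dependencies are declared with array annotation so injection still works
 * after minification.
 */
angular.module('loginUser').controller('LoginViewController', ['$scope', '$http', function ($scope, $http) {
  /**
   * Serialises a flat object as a form-encoded string.
   * Only the object's own enumerable keys are used, so properties inherited
   * through the prototype chain never end up in the request body.
   *
   * @param {Object} fields - key/value pairs to encode
   * @returns {string} `key=value` pairs joined with `&`
   */
  function toFormBody(fields) {
    return Object.keys(fields)
      .map(function (key) {
        return encodeURIComponent(key) + '=' + encodeURIComponent(fields[key]);
      })
      .join('&');
  }

  $scope.login = function () {
    // NOTE(review): $scope.user is presumably filled by ng-model bindings in the
    // login template, which is not shown here — confirm it is always defined.
    $http({
      method: 'POST',
      url: '/uaa/login',
      headers: {'Content-Type': 'application/x-www-form-urlencoded'},
      transformRequest: toFormBody,
      data: {"username": $scope.user.username, "password": $scope.user.password}
    }).then(
      // .then() replaces .success()/.error(), which were removed in AngularJS 1.6;
      // the response object carries the same data and status values.
      function (response) {
        // NOTE(review): this logs the body of an authentication response;
        // drop the logging once debugging is finished.
        console.log(response.data);
      },
      function (response) {
        console.log(response.data);
        console.log(response.status);
      }
    );
  };
}]);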
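/**
 * Module run block: installs default $http request headers once, when the
 * application starts.
 *
 * NOTE(review): the XSRF value is captured a single time here, so it goes
 * stale if the server later issues a new XSRF-TOKEN cookie (for example after
 * login). $http already copies the XSRF-TOKEN cookie into X-XSRF-TOKEN for
 * same-origin requests by default, whereas a default header set here is also
 * attached to cross-origin POSTs — confirm this manual header is still needed.
 */
angular.module('loginUser').run(['$http', '$cookies', function run($http, $cookies) {
  // $cookies stopped exposing cookies as plain properties in AngularJS 1.4;
  // use get() when it exists and fall back to property access on older releases.
  var xsrfToken = typeof $cookies.get === 'function'
    ? $cookies.get('XSRF-TOKEN')
    : $cookies['XSRF-TOKEN'];

  // Install the header only when a token was actually found, instead of
  // storing `undefined` as a default header value.
  if (xsrfToken) {
    $http.defaults.headers.post['X-XSRF-TOKEN'] = xsrfToken;
  }

  // Marks requests as XHR for the server side.
  $http.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
}]);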
如何将ui服务器用作authserver的网关?
# application.yml of the UI server (port 8080), repeated on the page.
# Indentation was lost in this listing, so the nesting of the keys is not
# visible here; restore it before using the file.
server:
port: 8080
# NOTE(review): debug output is a development aid — confirm it is switched off
# outside local testing.
debug: true
spring:
aop:
proxy-target-class: true
security:
user:
# NOTE(review): presumably a placeholder carried over from the sample project —
# confirm no default account can actually log in with it.
password: none
oauth2:
client:
# Both OAuth2 endpoints are plain http on localhost. The client secret and the
# issued tokens travel over these URLs, so anything beyond a local setup needs TLS.
accessTokenUri: http://localhost:9999/uaa/oauth/token
userAuthorizationUri: http://localhost:9999/uaa/oauth/authorize
clientId: acme
# NOTE(review): client secret stored in clear text in the config file; supply it
# from the environment or a secret store before this leaves a demo setting.
clientSecret: acmesecret
resource:
jwt:
# PEM-encoded public key; presumably used to verify JWT signatures issued by
# the auth server (public material, not a secret) — confirm against the authserver.
keyValue: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGp/Q5lh0P8nPL21oMMrt2RrkT9AW5jgYwLfSUnJVc9G6uR3cXRRDCjHqWU5WYwivcF180A6CWp/ireQFFBNowgc5XaA0kPpzEtgsA5YsNX7iSnUibB004iBTfU9hZ2Rbsc8cWqynT0RyN4TP1RYVSeVKvMQk4GT1r7JCEC+TNu1ELmbNwMQyzKjsfBXyIOCFU/E94ktvsTZUHF4Oq44DBylCDsS1k7/sfZC2G5EU7Oz0mhG8+Uz6MSEQHtoIi6mc8u64Rwi3Z3tscuWG2ShtsUFuNSAFNkY7LkLn+/hxLCu2bNISMaESa8dG22CIMuIeRLVcAmEWEWH5EEforTg+QIDAQAB
-----END PUBLIC KEY-----
# Zuul routes: requests to /resource/** and /uaa/** on the UI origin are
# forwarded to the resource server (9000) and the auth server (9999), which is
# what makes the UI server act as a gateway.
# NOTE(review): Zuul's default sensitive-header list (`sensitiveHeaders`) covers
# Cookie, Set-Cookie and Authorization, which are then not passed through the
# proxy — verify against the Zuul version in use. If the list is relaxed, do it
# on the single route that needs it rather than globally.
zuul:
routes:
resource:
path: /resource/**
url: http://localhost:9000/resource
user:
path: /uaa/**
url: http://localhost:9999/uaa
logging:
level:
# NOTE(review): DEBUG logging for Spring Security may write request details such
# as headers and session identifiers to the log; keep it to development.
org.springframework.security: DEBUG
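'use strict';

/**
 * Login controller for the `loginUser` module.
 *
 * Exposes `$scope.login`, which posts the username and password held in
 * `$scope.user` as an application/x-www-form-urlencoded body to `/uaa/login`
 * and logs the outcome to the console.
 *
 * The URL is relative, so the browser sends the request to the origin that
 * served this page; reaching the auth server therefore depends on a proxy
 * route for /uaa/** on that origin (see the application.yml on the page).
 *
 * Dependencies are declared with array annotation so injection still works
 * after minification.
 */
angular.module('loginUser').controller('LoginViewController', ['$scope', '$http', function ($scope, $http) {
  /**
   * Serialises a flat object as a form-encoded string.
   * Only the object's own enumerable keys are used, so properties inherited
   * through the prototype chain never end up in the request body.
   *
   * @param {Object} fields - key/value pairs to encode
   * @returns {string} `key=value` pairs joined with `&`
   */
  function toFormBody(fields) {
    var pairs = [];
    Object.keys(fields).forEach(function (key) {
      pairs.push(encodeURIComponent(key) + '=' + encodeURIComponent(fields[key]));
    });
    return pairs.join('&');
  }

  $scope.login = function () {
    // NOTE(review): $scope.user is presumably filled by ng-model bindings in the
    // login template, which is not shown here — confirm it is always defined.
    var request = $http({
      method: 'POST',
      url: '/uaa/login',
      headers: {'Content-Type': 'application/x-www-form-urlencoded'},
      transformRequest: toFormBody,
      data: {"username": $scope.user.username, "password": $scope.user.password}
    });

    // .then() replaces .success()/.error(), which were removed in AngularJS 1.6;
    // the response object carries the same data and status values.
    request.then(
      function (response) {
        // NOTE(review): this logs the body of an authentication response;
        // drop the logging once debugging is finished.
        console.log(response.data);
      },
      function (response) {
        console.log(response.data);
        console.log(response.status);
      }
    );
  };
}]);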
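/**
 * Module run block: installs default $http request headers once, when the
 * application starts.
 *
 * NOTE(review): the XSRF value is captured a single time here, so it goes
 * stale if the server later issues a new XSRF-TOKEN cookie (for example after
 * login). $http already copies the XSRF-TOKEN cookie into X-XSRF-TOKEN for
 * same-origin requests by default, whereas a default header set here is also
 * attached to cross-origin POSTs — confirm this manual header is still needed.
 */
angular.module('loginUser').run(['$http', '$cookies', function run($http, $cookies) {
  var xsrfToken;

  // $cookies stopped exposing cookies as plain properties in AngularJS 1.4;
  // use get() when it exists and fall back to property access on older releases.
  if (typeof $cookies.get === 'function') {
    xsrfToken = $cookies.get('XSRF-TOKEN');
  } else {
    xsrfToken = $cookies['XSRF-TOKEN'];
  }

  // Install the header only when a token was actually found, instead of
  // storing `undefined` as a default header value.
  if (xsrfToken) {
    $http.defaults.headers.post['X-XSRF-TOKEN'] = xsrfToken;
  }

  // Marks requests as XHR for the server side.
  $http.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
}]);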