
Java: Setting the Authorization header in Angular 2


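I am working on RESTful services in Spring and have implemented JSON Web Tokens (JWT) for authentication and authorization. After login, the correct authentication token is returned to the requesting user. On every request, I check the token in the request header and validate it. The filter code is shown below.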

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws ServletException, IOException {
    String authToken = request.getHeader(this.tokenHeader);
    // Debug output of the received header value; this writes the token to the server log
    System.out.println(authToken + "        ##########################");
    String username = flTokenUtil.getUsernameFromToken(authToken);
    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
        UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
        if (flTokenUtil.validateToken(authToken, userDetails)) {
            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                    userDetails, null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
    }

    chain.doFilter(request, response);

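}

I'm using Angular 2 as the front-end framework. Now, after obtaining the authentication token, when I request a secured resource using Postman it works fine: the token is received in the filter and everything is OK. I am setting the token in the "Authorization" header. The problem is that when I do the same thing from Angular 2, the token in the filter is null, although Firebug shows that the "Authorization" header is set and sent successfully. This is what I am doing: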

    let token = "";
    if (undefined != this._tokenService.getToken()) {
        token = this._tokenService.getToken().getToken()
    }
    let header: Headers = new Headers();
    header.append('Content-Type', 'application/json');
    header.append('Authorization', token);
    let options = new RequestOptions({headers: header});

    return this.http.get(url, options)
       .map(res => {
          console.log(res.status)
          if (res.status == 200) {
              return res.json();
          } else if (res.status == 401) {
              return null;
          } else {
              throw new Error('This request has failed ' + res.status);
           }
        });

What am I doing wrong? What is the correct way to set headers in Angular 2? How can I fix this?

Add Bearer to your authentication header, and set the content-type header, like this:

headers.append("content-type", "application/x-www-form-urlencoded");
headers.append("Authorization", "Bearer " + this.accessToken);
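
The header format this answer relies on, as an added example that is not part of the original answer or the asker's project: the client sends `Authorization: Bearer <token>` and leaves the header out when it has no token, and the receiving side strips the scheme before the token goes to validation. `bearerHeaders` and `parseBearer` are hypothetical names and the token in the usage comment is a constructed placeholder. The receiving half is written in TypeScript only so that both halves run together; a Spring filter would do the same split in Java before calling its token utility.

```typescript
// Added example; bearerHeaders and parseBearer are hypothetical names.
// Credential characters allowed after "Bearer " by RFC 6750 (a JWT's
// base64url segments joined by '.' fit this set).
const CREDENTIAL = "[A-Za-z0-9\\-._~+/]+=*";
const TOKEN_ONLY = new RegExp("^" + CREDENTIAL + "$");
const BEARER_HEADER = new RegExp("^Bearer +(" + CREDENTIAL + ")$", "i");

// Client side: build the request headers. With no token the Authorization
// header is omitted, rather than sent empty as in the question's code.
function bearerHeaders(token: string | null | undefined): { [name: string]: string } {
  const headers: { [name: string]: string } = { "Content-Type": "application/json" };
  const trimmed = (token || "").trim();
  if (trimmed.length > 0) {
    // Refuse anything that is not a plain credential (spaces, CR/LF, ...),
    // so a corrupted stored value cannot produce a malformed header.
    if (!TOKEN_ONLY.test(trimmed)) {
      throw new Error("token contains characters not allowed in a Bearer credential");
    }
    headers["Authorization"] = "Bearer " + trimmed;
  }
  return headers;
}

// Receiving side: return the bare token, or null when the header is missing,
// uses another scheme, or carries no credential ("Bearer", "Bearer: x").
function parseBearer(headerValue: string | null | undefined): string | null {
  if (!headerValue) {
    return null;
  }
  const match = BEARER_HEADER.exec(headerValue.trim());
  return match ? match[1] : null;
}

// Usage with a constructed placeholder token:
//   parseBearer(bearerHeaders("aaa.bbb.ccc")["Authorization"])
```

A filter that hands the whole header value to its token utility sees the `Bearer ` prefix as part of the token, so the split in `parseBearer` has to happen before validation once the client adopts this format.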

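If you want a more permanent solution, I have one for you.

By subclassing Angular's Http service, you can inject the subclassed version and then always add the headers.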

import {
  Http,
  ConnectionBackend,
  Headers,
  Request,
  RequestOptions,
  RequestOptionsArgs,
  Response,
  RequestMethod,
} from '@angular/http';
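import { Observable } from 'rxjs/Observable';
import { ErrorObservable } from 'rxjs/observable/ErrorObservable';
// RxJS 5 operators and static methods used below must be patched onto Observable
import 'rxjs/add/operator/map';
import 'rxjs/add/operator/mergeMap';
import 'rxjs/add/operator/catch';
import 'rxjs/add/observable/empty';
import 'rxjs/add/observable/throw';

// A service that can get the logged-in user's JWT as an observable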
import { SecurityService } from './security.service';

// A service that handles cookies (angular2-cookie)
import { CookieService } from '../cookie';

/**
 * Custom Http client that handles conversions to json, adds CSRF token, and jwt token and redirects to signin if token is missing
 */
export class SecureHttp extends Http {

  constructor(
    backend: ConnectionBackend,
    defaultOptions: RequestOptions,
    private securityService: SecurityService,
    private cookieService: CookieService
  ) {
    super(backend, defaultOptions);
  }

  request(url: string | Request, options?: RequestOptionsArgs): Observable<any> {
    if (typeof url === 'string') {
      return this.get(url, options); // Recursion: transform url from String to Request
    }

    return this.sendRequest(url, options);
  }

  get(url: string, options?: RequestOptionsArgs): Observable<any> {
    return this.sendRequest({ method: RequestMethod.Get, url: url, body: '' }, options);
  }

  post(url: string, body: string, options?: RequestOptionsArgs): Observable<any> {
    return this.sendRequest({ method: RequestMethod.Post, url: url, body: body }, options);
  }

  put(url: string, body: string, options?: RequestOptionsArgs): Observable<any> {
    return this.sendRequest({ method: RequestMethod.Put, url: url, body: body }, options);
  }

  delete(url: string, options?: RequestOptionsArgs): Observable<any> {
    return this.sendRequest({ method: RequestMethod.Delete, url: url, body: '' }, options);
  }

  patch(url: string, body: string, options?: RequestOptionsArgs): Observable<any> {
    return this.sendRequest({ method: RequestMethod.Patch, url: url, body: body }, options);
  }

  head(url: string, options?: RequestOptionsArgs): Observable<any> {
    return this.sendRequest({ method: RequestMethod.Head, url: url, body: '' }, options);
  }

  private sendRequest(requestOptionsArgs: RequestOptionsArgs, options?: RequestOptionsArgs): Observable<any> {

    let requestOptions = new RequestOptions(requestOptionsArgs);

    // Convert body to stringified json if it's not a string already
    if (typeof requestOptions.body !== 'string') {
      requestOptions.body = JSON.stringify(requestOptions.body);
    }

    // Get xsrf token from spring security cookie
    // by adding .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
    const csrfToken: string = this.cookieService.get('XSRF-TOKEN');

    let baseOptions: RequestOptions = new RequestOptions({
      headers: new Headers({
        'Content-Type': 'application/json',
        'X-Requested-With': 'XMLHttpRequest',
        'X-XSRF-TOKEN': csrfToken
      })
    });

    return this.securityService.accessToken$.mergeMap(token => {

      // If there is a token we add it to the baseOptions
      if (token) {
        baseOptions.headers.set('Authorization', 'Bearer ' + token);
      }

      // We create a request from the passed in method, url, body and merge our base options in there
      let request = new Request(baseOptions.merge(requestOptions));

      return super.request(request, options)
        .map(res => res.json())
        .catch(this.errorHandler);
    });
  }

  private errorHandler(errorResponse: Response): Observable<any> | ErrorObservable {
    if (errorResponse.status === 401) {
      console.log('redirecting to login');
      window.location.href = '/login';
      return Observable.empty();
    }

    // If it's a serious problem we can log it to a service if we want to
    if (errorResponse.status === 500) {
      // this.errorReporter.logError(errorResponse);
    }

    console.error(errorResponse);

    return Observable.throw(errorResponse.text().length > 0 ? errorResponse.json() : { status: 'error' });
  }
}

I took a different approach. I append the token to the URL, and in the filter I split this token off and use it for authentication. You can also use a request wrapper class and send the original URL on for further processing.

If you console.log this._tokenService.getToken().getToken(), is it the token? Try debugging the request in Chrome's developer tools; there you can see whether the Authorization header is being sent correctly.

Yes, the token is set. I checked. It can also be seen in the request headers in Firebug.

The code can grow really fast... Have you considered using a library like angular2-rest to solve this?

I have exactly the same problem.

Shouldn't it also have a colon? Bearer: Or is that optional?

I think this is a server-side problem, because when I make the first request, for login, the token is empty at that time and the filter receives "Bearer" as the token, which means the login request receives the token, but for other requests afterwards the server side shows null. The token can also be seen in the request headers in Firebug, but I don't understand why the token is received when I call from Postman.

For any answer, please provide at least short code (pseudocode is fine); for detailed analysis, you can provide links for help. Links do change over time, but your answer will always be available.