Fatal编程技术网
  • javascript/
  • 通过Javascript发送授权令牌承载

通过Javascript发送授权令牌承载

javascript jquery jwt

通过Javascript发送授权令牌承载,javascript,jquery,jwt,Javascript,Jquery,Jwt,我试图通过Javascript将授权令牌承载发送到REST端点,因此我采用以下方式: $.ajax( { url: 'http://localhost:8080/resourceserver/protected-no-scope', type: 'GET', beforeSend : function( xhr ) { xhr.setRequestHeader( "Authorization", "Bearer " + token ); },

我试图通过Javascript将授权令牌承载发送到REST端点,因此我采用以下方式:

$.ajax( {
    url: 'http://localhost:8080/resourceserver/protected-no-scope',
    type: 'GET',
    beforeSend : function( xhr ) {
        xhr.setRequestHeader( "Authorization", "Bearer " + token );
    },
    success: function( response ) {
        console.log(response);
    }
我的端点在SpringBoot容器下运行,因此我获取HttpServletRequest并尝试获取授权标头,但始终为null:

static Authentication getAuthentication(HttpServletRequest request) {
        String token = request.getHeader(HEADER_STRING);
        //token is always null
...
编辑1 这是客户端(浏览器)中的错误

编辑2 要在后端启用CORS,我将在spring中使用以下注释:

@RestController
@CrossOrigin(origins = "*", maxAge = 3600, allowCredentials = "true", allowedHeaders = "Authorization", methods =
        {RequestMethod.GET, RequestMethod.OPTIONS, RequestMethod.POST})
public class MyResource {
编辑3 我尝试在过滤器中添加CORS,但没有成功:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {

        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin"));
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");


        Authentication authentication = TokenAuthenticationService
                .getAuthentication(httpServletRequest);

        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(request, response);
    }
您可以使用
标题
键添加标题

$.ajax({
   url: 'http://localhost:8080/resourceserver/protected-no-scope',
   type: 'GET',
   contentType: 'application/json'
   headers: {
      'Authorization': 'Bearer <token>'
   },
   success: function (result) {
       // CallBack(result);
   },
   error: function (error) {

   }
});

$.ajax({
网址:'http://localhost:8080/resourceserver/protected-没有范围',
键入:“GET”,
contentType:'应用程序/json'
标题:{
“授权”:“持票人”
},
成功:功能(结果){
//回调(结果);
},
错误:函数(错误){
}
});
您需要在后端启用CORS

您是否收到任何CORS错误?是的,但我已经在spring boot中使用此方法解决了它:@CrossOrigin(origins=“*”,maxAge=3600,allowCredentials=“true”,allowedHeaders=“Authorization”,methods={RequestMethod.GET,RequestMethod.OPTIONS,RequestMethod.POST})@Paul我在本文中尝试了解决方案,但没有成功。HTTP状态403是禁止的;听起来您可能需要服务器端的其他内容。我尝试了,但在我的java端点中继续返回null。我知道问题不在java服务器中,因为如果我使用postman并发送带有授权承载令牌的请求,一切都会正常。您可以lso复制邮递员生成的代码,并尝试在客户端(浏览器)中编辑我的文章,但出现错误,这意味着存在CORS问题。请在服务器端修复注释“您也可以复制邮递员生成的代码并重试”,资源已移到其他位置: 
$.ajax({
   url: 'http://localhost:8080/resourceserver/protected-no-scope',
   type: 'GET',
   contentType: 'application/json'
   headers: {
      'Authorization': 'Bearer <token>'
   },
   success: function (result) {
       // CallBack(result);
   },
   error: function (error) {

   }
});