401当我尝试将我的角度JS连接到Spring Boot时

时间:2017-01-11 15:15:05

标签: javascript angularjs spring-boot spring-security spring-data

我在webstorm上创建了一个客户端角度,我在Eclipse上有一个Spring Boot服务器。问题是当我尝试打开会话时收到此错误消息:

OPTIONS http://localhost:8080/allquestions 401 ()
(anonymous) @ angular.js:12410
p @ angular.js:12155
(anonymous) @ angular.js:11908
(anonymous) @ angular.js:16648
$eval @ angular.js:17972
$digest @ angular.js:17786
$apply @ angular.js:18080
(anonymous) @ angular.js:19924
f @ angular.js:6111
(anonymous) @ angular.js:6390


XMLHttpRequest cannot load http://localhost:8080/allquestions. Response for preflight has invalid HTTP status code 401

WebConfig 

@EnableWebMvc
@Configuration
@ComponentScan
public class WebConfig extends WebMvcConfigurerAdapter {

public WebConfig() {
    super();
}

@Override
public void addViewControllers(ViewControllerRegistry registry) {
    registry.addViewController("/login").setViewName("login");
    registry.addViewController("/").setViewName("welcome");
    registry.addViewController("/welcome").setViewName("welcome");
    registry.addViewController("/exam").setViewName("exam");
    registry.addViewController("/report").setViewName("report");
    registry.addViewController("/error").setViewName("error");
    registry.addViewController("/editing").setViewName("editing");
}

@Override
public void addResourceHandlers(final ResourceHandlerRegistry registry) {
    super.addResourceHandlers(registry);
    registry.addResourceHandler("/images/**").addResourceLocations("/images/");
    registry.addResourceHandler("/css/**").addResourceLocations("/css/");
    registry.addResourceHandler("/js/**").addResourceLocations("/js/");
}

Controller的一部分:

@RestController
public class HomeController {

@Autowired
private BusinessModel businessModel;
private List<String> messages;

private User currentUser;

@PostConstruct
public void init() {
    messages = businessModel.getMessages();
}

// Communicate informations to client
private void sendOptions(HttpServletResponse response) {
    if (businessModel.getCorsNeeded().booleanValue()) {
        // Fix the header CORS
        response.addHeader("Access-Control-Allow-Origin", "*");
        // Header Authorization
        response.addHeader("Access-Control-Allow-Headers", "Authorization");
    }
}

// questions list via OPTIONS
@RequestMapping(value = "/allquestions", method = RequestMethod.OPTIONS)
public void getAllQuestions(HttpServletResponse response) {
    sendOptions(response);
}

SecurityConfig:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private UsersService usersService;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic();
    http.authorizeRequests().antMatchers("/login").permitAll().antMatchers("/**").hasRole("USER").and().formLogin()
            .loginPage("/login").and().logout();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(usersService).passwordEncoder(new BCryptPasswordEncoder());
}
}

我无法添加xml文件(限制我的工作环境)...

我完全被封锁了,我需要你的帮助!

1 个答案:

答案 0 :(得分:0)

适合所有人的解决方案!

您创建了一个可以进行排序的过滤器:

公共类CorsFilter实现Filter {

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filter)
            throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        httpResponse.setHeader("Access-Control-Max-Age", "3600");
        httpResponse.setHeader("Access-Control-Allow-Headers", "Authorization");
        filter.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

}

您可以看到,过滤器会为您创建所有标题。最想要的是: httpResponse.setHeader(&#34; Access-Control-Allow-Origin&#34;,&#34; &#34; *)。< / p>

然后,您可以在SecurityConfig中调用过滤器:

@EnableAutoConfiguration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UsersService usersService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class);
        http.csrf().disable();
        http.httpBasic();
        http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/", "/**").permitAll();
        http.authorizeRequests().antMatchers(HttpMethod.GET, "/", "/**").permitAll();
        //http.authorizeRequests().antMatchers("/login").permitAll().antMatchers("/**").hasRole("USER").and().formLogin().loginPage("/login").and().logout();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(usersService).passwordEncoder(new BCryptPasswordEncoder());
    }
}

在那里,您可以看到过滤器在请求正确之前被调用: http.addFilterBefore(new CorsFilter(),ChannelProcessingFilter.class)

这是我找到的最佳解决方案,也是唯一适用于我的解决方案!我希望,它可以帮助你!

相关问题
最新问题