我正在尝试用 AngularJS 和 Spring Security 构建一个简单的应用程序,使用的是 HTTP 基本身份验证(Basic Authentication)。每次打开主页时,浏览器都会弹出要求输入用户名和密码的基本身份验证窗口。如果我取消该窗口,然后用正确的密码登录,应用程序可以正常工作;但如果我输入了错误的密码,浏览器又会弹出同样的基本身份验证窗口。我在每个请求中都发送了 X-Requested-With 标头,在下面的请求头中也可以看到。有人知道这里出了什么问题吗?
Angular:
'use strict';

// Application module; ngRoute supplies the $routeProvider configured below.
var todoApp = angular.module('todoApp', ['ngRoute']);

/**
 * Module configuration: registers the single client-side route and marks
 * every $http request as an XHR call.
 */
todoApp.config(['$routeProvider', '$httpProvider', function(routeProvider, httpProvider) {
  // "/" renders the Home template; any unknown path is redirected back to "/".
  // The template itself is fetched over HTTP, so the server's access rules
  // apply to 'resources/templates/Home.html' like to any other URL.
  routeProvider
    .when('/', {
      templateUrl: 'resources/templates/Home.html',
      controller: 'HomeController'
    })
    .otherwise({ redirectTo: '/' });

  // This header is only a hint. The server still has to be configured to
  // answer such requests with a 401 that carries no "WWW-Authenticate: Basic"
  // challenge; otherwise the browser keeps opening its own credential dialog.
  httpProvider.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
}]);
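'use strict';

/**
 * Navigation-bar controller: handles the login form and the logout action and
 * mirrors the outcome in $rootScope.authenticated.
 *
 * $rootScope.authenticated only decides what the UI shows. It is client-side
 * state and grants nothing by itself; access control is whatever the server
 * enforces on each request.
 */
todoApp.controller('NavBarController', function($rootScope, $scope, $http, $location, $route) {
  // Bound to the login form (username / password).
  $scope.credentials = {};

  /**
   * Calls 'user/authenticate' and records whether the server recognises the
   * caller.
   *
   * @param {{username: string, password: string}=} credentials - when given,
   *   sent as an HTTP Basic Authorization header; when omitted, the request
   *   relies on whatever session the browser already holds.
   * @param {function(boolean)=} callback - invoked with the resulting
   *   authenticated flag.
   */
  var authenticate = function(credentials, callback) {
    var headers = {};
    if (credentials) {
      try {
        // Basic credentials are only base64-encoded, not encrypted, so this
        // request must travel over TLS outside of local development.
        headers.authorization = 'Basic ' + btoa(credentials.username + ':' + credentials.password);
      } catch (e) {
        // btoa() throws on characters outside Latin-1; report a failed login
        // instead of letting the exception escape the click handler.
        $rootScope.authenticated = false;
        callback && callback(false);
        return;
      }
    }

    // A 401 that carries a "WWW-Authenticate: Basic" challenge makes the
    // browser show its native dialog before the error handler below runs;
    // suppressing that dialog is a server-side configuration matter.
    $http.get('user/authenticate', { headers: headers }).then(function(response) {
      var data = response.data;
      // The user counts as authenticated only when the server returned a
      // principal name; an empty or null body is treated as "not logged in".
      $rootScope.authenticated = !!(data && data.name);
      callback && callback($rootScope.authenticated);
    }, function() {
      $rootScope.authenticated = false;
      callback && callback(false);
    });
  };

  /** Submits the form credentials and updates the error/authenticated flags. */
  $scope.login = function() {
    authenticate($scope.credentials, function(authenticated) {
      if (authenticated) {
        console.log("Login succeeded");
        $location.path("/");
        $scope.error = false;
        $rootScope.authenticated = true;
      } else {
        console.log("Login failed");
        $location.path("/");
        $scope.error = true;
        $rootScope.authenticated = false;
      }
    });
  };

  /** Asks the server to end the session and resets the UI state. */
  $scope.logout = function() {
    $http.post('logout', {}).then(function() {
      $rootScope.authenticated = false;
      $location.path("/");
    }, function() {
      console.log("Logout failed");
      // NOTE(review): the UI is switched to "logged out" although the server
      // did not confirm it, so the session cookie may still be valid. Consider
      // surfacing this failure to the user instead of only logging it.
      $rootScope.authenticated = false;
    });
    // NOTE(review): credentials typed into the browser's native Basic dialog
    // are typically cached by the browser and replayed; this POST cannot
    // clear them. Confirm logout behaviour once the dialog is suppressed.
  };

  // Initial probe without credentials: detects an already established session.
  authenticate();
});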
security configuration:
<!-- Web security rules. intercept-url patterns are checked in the order listed and the first match applies. -->
<sec:http use-expressions="true">
<!-- Publicly reachable URLs. The Angular route loads its template from
     resources/templates/Home.html, which none of these three patterns matches. -->
<sec:intercept-url pattern="/" access="permitAll"/>
<sec:intercept-url pattern="/index.html" access="permitAll"/>
<sec:intercept-url pattern="/Home.html" access="permitAll"/>
<!-- Everything else requires ROLE_USER. That includes the template path above and
     user/authenticate, which the client calls on start-up without credentials. -->
<sec:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<!-- HTTP Basic. An unauthenticated or failed request is answered with 401 plus
     "WWW-Authenticate: Basic", and that challenge is what opens the browser's own dialog.
     NOTE(review): to keep the dialog away from XHR calls, give this element an
     entry-point-ref to an entry point that returns 401 without the Basic challenge,
     and open up only static assets; protected data should stay under the rule above. -->
<sec:http-basic/>
</sec:http>
<!-- Users and authorities are read through JDBC from the dataSource bean. -->
<sec:authentication-manager>
<sec:authentication-provider>
<!-- NOTE(review): no password-encoder is declared in this snippet; confirm that stored
     passwords are hashed with an adaptive algorithm and not compared as plain text. -->
<sec:jdbc-user-service data-source-ref="dataSource" id="userDetailsService"/>
</sec:authentication-provider>
</sec:authentication-manager>
Headers:
Content-Language:en
Content-Length:1160
Content-Type:text/html;charset=utf-8
Date:Fri, 12 Jun 2015 02:46:18 GMT
Server:Apache-Coyote/1.1
WWW-Authenticate:Basic realm="Spring Security Application"
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Cookie:JSESSIONID=A06CEC616C9A34B915EA298A890C5E80
Host:localhost:9999
Pragma:no-cache
Referer:http://localhost:9999/todoapp/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36
X-Requested-With:XMLHttpRequest
答案 0 :(得分:0)
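服务器在响应中发送 WWW-Authenticate:Basic realm="Spring Security Application" 标头,
会导致浏览器显示其自带的登录对话框。
您需要让初始的 Angular 静态资源无需基本身份验证即可访问。在上面的配置中,只有 /、/index.html 和 /Home.html 是 permitAll,而模板实际从 resources/templates/Home.html 加载,启动时还会请求 user/authenticate,这两者都落在需要 ROLE_USER 的 /** 规则之下。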