我不理解某些东西或遗漏了我认为的东西。 我有一个LoginPage来授权用户(即Angularjs 1.5) 作为后端,我有一个Scala / Play应用程序来验证用户和密码 所以现在我有一个问题,在登录服务中一切都很好
var token = $cookies["XSRF-TOKEN"];
if (token) {
$http.get('http://localhost:9000/ping')
.then(
function (response) {
return $http.get("http://localhost:9000/users/" + response.data.userId)
}, function (response) {
token = undefined;
$cookies["XSRF-TOKEN"] = undefined;
return $q.reject("Token invalid");
}
).then(
function (response) {
console.log(response.data);
}, function (response) {
console.log("error");
}
);
}
$http.post('http://localhost:9000/login', user)
.then(function (response) {
token = response.data.authToken;
console.log(token);
var userId = response.data.userId;
return $http.get('http://localhost:9000/users/' + userId)
}, function (response) {
console.log(response.data.err);
// return 'empty' promise so the right `then` function is called
return $q.reject("Login failed");
}).then(
function (response) {
console.log(response);
}
)
}
但在下一种情况下,我向api发送一个get请求,并想检查xsrf cookie,但没有发送cookie。
这是Scala中的安全特性 -
def HasToken[A](p: BodyParser[A] = parse.anyContent)(f: String => Long => Request[A] => Result): Action[A] =
Action(p) { implicit request =>
val maybeToken = request.headers.get(AuthTokenHeader).orElse(request.getQueryString(AuthTokenUrlKey))
maybeToken flatMap { token =>
cache.get[Long](token) map { userid =>
f(token)(userid)(request)
}
} getOrElse Unauthorized(Json.obj("err" -> "No Token"))
}
所以现在我的问题是 - 标题令牌在哪里?
更新: 这是我的app.js
'use strict';
function testInterceptor($rootScope, $q, $timeout) {
return function(promise) {
return promise.then(
function(response) {
return response;
},
function(response) {
if (response.status == 401) {
$rootScope.$broadcast("InvalidToken");
$rootScope.sessionExpired = true;
$timeout(function() {$rootScope.sessionExpired = false;}, 5000);
} else if (response.status == 403) {
$rootScope.$broadcast("InsufficientPrivileges");
} else {
// Here you could handle other status codes, e.g. retry a 404
}
return $q.reject(response);
}
);
};
}
var app=angular.module('telephone', ['ngRoute', 'ngCookies']);
app.factory('testInterceptor', testInterceptor);
app.config(["$httpProvider", "$routeProvider",function ($httpProvider, $routeProvider) {
$httpProvider.interceptors.push('testInterceptor');
$routeProvider.when('/login', {templateUrl: '../partials/login.html', controller: 'loginController'});
$routeProvider.otherwise({redirectTo: '/login'});
}]);
答案 0 :(得分:0)
我认为您需要在默认标头中为下一个请求添加令牌,以便您可以像这样添加
function SetCredentials(user) {
$http.defaults.headers.common["Authorization"] = 'Bearer ' + user.access_token;
//Here Token added in header
$rootScope.globals = {
currentUser: {
username: user.userName,
authdata: user.access_token,
userid: user.userId,
}
};
$cookieStore.put('globals', $rootScope.globals);
setUsers(user)
};