我已经将我的Java Spring后端配置为用于内存身份验证但是当我通过我的angular2前端以登录表单输入正确的用户名/密码来执行POST请求时,我总是会遇到以下错误:
x POST http://localhost:8080/authenticate 401()zone.js:1382
x EXCEPTION:响应状态:401确定URL:http://localhost:8080/authenticate core.umd.js:3370
x未捕获的响应{_body:" {"代码":401,"消息":"身份验证失败","错误...原因":" authError","消息":"错误的凭据"}}",状态:401,ok:false,statusText:& #34;好的",标题:标题...} Subscriber.ts:241
我尝试了很多不同的安全配置,但似乎没有任何效果。我可能做错了什么......这是我的代码:
SecurityConfiguration.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
public static final String REMEMBER_ME_KEY = "rememberme_key";
public SecurityConfig() {
super();
logger.info("loading SecurityConfig ................................................ ");
}
@Autowired
private RestUnauthorizedEntryPoint restAuthenticationEntryPoint;
@Autowired
private AccessDeniedHandler restAccessDeniedHandler;
@Autowired
private AuthenticationSuccessHandler restAuthenticationSuccessHandler;
@Autowired
private AuthenticationFailureHandler restAuthenticationFailureHandler;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/","/client/**","/systemjs.config.js","/index.html");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("test").password("test").authorities("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.headers().disable()
.csrf().disable()
.authorizeRequests()
.antMatchers("/failure").permitAll()
.antMatchers("/api/**").permitAll()
.antMatchers("/users").hasAnyAuthority("ADMIN")
.anyRequest().authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.accessDeniedHandler(restAccessDeniedHandler)
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/authenticate")
.successHandler(restAuthenticationSuccessHandler)
.failureHandler(restAuthenticationFailureHandler)
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
.deleteCookies("JSESSIONID")
.permitAll()
.and();
}
}
login.service.ts
@Injectable()
export class LoginService {
constructor(private http: Http) {
console.log('Login service initialized...')
}
loginUser(data) {
var headers = new Headers();
headers.append('Content-type', 'application/json');
return this.http.post('/authenticate', JSON.stringify(data), { headers: headers })
.map(res => res.json());
}
login.component.ts
export class LoginComponent {
username:String;
password:String;
data:any
constructor(private LoginService: LoginService) {
}
loginUser(event) {
this.data = {
username: this.username,
password: this.password
};
this.LoginService.loginUser(this.data).subscribe(data => {
this.username = '';
this.password = '';
});
}
的login.html
<form class="container col-md-8" (ngSubmit)="loginUser()" style="margin:15px 15px">
<div class="row">
<div class="form group col-md-2 parent ">
<button type="submit" class="btn btn-warning centerV_element">Log In</button>
</div>
<div class="form group col-md-3 parent" style="margin:3px 3px">
<input type="text" [(ngModel)]="username" name="username" class="form control" placeholder="username">
</div>
<div class="form group col-md-3 parent" style="margin:3px 3px">
<input type="text" [(ngModel)]="password" name="password" class="form control" placeholder="password">
</div>
</div>
</form>