"授权"从angular2发送的请求标头的值为" Bearer"但当它到达SpringBoot的过滤器时,它显示的值为" Basic"。
春天的安全是否超越了它?
Angular2代码:
getGreeting(): Observable<string> {
let headers = new Headers({ 'Authorization': 'Bearer ' + this.authenticationService.token });
let options = new RequestOptions({ headers: headers });
return this.http.get(document.location.pathname.substring(0, document.location.pathname.indexOf("/",2))
+"/rest/hello",options).map(res => res.text())
}
过滤代码:
@覆盖
public void doFilter(ServletRequest req,ServletResponse res,FilterChain chain)
抛出IOException,ServletException {
HttpServletRequest request =(HttpServletRequest)req;
if (request.getRequestURI().contains("/rest/")) {
String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith(Constants.BEARER)) {
throw new ServletException(Constants.MISSING_HEADER);
}