我的前端代码基于此链接http://embed.plnkr.co/toe4XO/,authentication/service.js文件除外,我将代码更改为以下内容:
'use strict';
angular.module('Authentication')
.factory('AuthenticationService',
['Base64', '$http', '$cookieStore', '$rootScope', '$timeout',
function (Base64, $http, $cookieStore, $rootScope, $timeout) {
var service = {};
service.Login = function (username, password, callback) {
/* Dummy authentication for testing, uses $timeout to simulate api call
----------------------------------------------*/
//$timeout(function(){
// var response = { success: username === 'test' && password === 'test' };
// if(!response.success) {
// response.message = 'Username or password is incorrect';
// }
// callback(response);
//}, 1000);
/* Use this for real authentication
----------------------------------------------*/
$http.post('http://localhost:8080/AngularSpringBackend/authenticate', { username: username, password: password })
.success(function (response) {
callback(response);
});
};
service.SetCredentials = function (username, password) {
var authdata = Base64.encode(username + ':' + password);
$rootScope.globals = {
currentUser: {
username: username,
authdata: authdata
}
};
$http.defaults.headers.common['Authorization'] = 'Basic ' + authdata; // jshint ignore:line
$cookieStore.put('globals', $rootScope.globals);
};
service.ClearCredentials = function () {
$rootScope.globals = {};
$cookieStore.remove('globals');
$http.defaults.headers.common.Authorization = 'Basic ';
};
return service;
}])
.factory('Base64', function () {
/* jshint ignore:start */
var keyStr = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
return {
encode: function (input) {
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;
do {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
keyStr.charAt(enc1) +
keyStr.charAt(enc2) +
keyStr.charAt(enc3) +
keyStr.charAt(enc4);
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);
return output;
},
decode: function (input) {
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;
// remove all characters that are not A-Z, a-z, 0-9, +, /, or =
var base64test = /[^A-Za-z0-9\+\/\=]/g;
if (base64test.exec(input)) {
window.alert("There were invalid base64 characters in the input text.\n" +
"Valid base64 characters are A-Z, a-z, 0-9, '+', '/',and '='\n" +
"Expect errors in decoding.");
}
input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
do {
enc1 = keyStr.indexOf(input.charAt(i++));
enc2 = keyStr.indexOf(input.charAt(i++));
enc3 = keyStr.indexOf(input.charAt(i++));
enc4 = keyStr.indexOf(input.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + String.fromCharCode(chr1);
if (enc3 != 64) {
output = output + String.fromCharCode(chr2);
}
if (enc4 != 64) {
output = output + String.fromCharCode(chr3);
}
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);
return output;
}
};
/* jshint ignore:end */
});
我将所有前端代码放入IIS文件夹。我的后端代码需要基本身份验证才能访问API,并且url位于localhost中的端口8080下,所有登录信息也已存储在数据库中。
我的后端实现是Spring / Hibernate,我使用postman测试它,它可以正常工作。现在,如果我尝试从前端页面单击登录按钮,登录页面将保持循环,并且控制台会给出以下错误: Error message from Chrome,我做错了什么?
预期的行为应该是当用户输入有效帐户时,它可以访问api,也可以进入主页。
这是我的后端代码在github.com/zhengye1/SpringAngular
感谢您的帮助。
更新(2017年4月12日) Github代码根据以下评论进行更新。但我仍然没有得到我想要的东西。
回复Ajit Soman的评论:
在postman中,当我粘贴我的url链接时,例如http://localhost:8080/AngularSpringBackend/api/v1/users/,然后单击Authorization,选择Type is Basic Auth,输入admin / admin作为用户名和密码,它返回用户列表,可以检索来自数据库。
在我阅读https://samerabdelkafi.wordpress.com/2016/01/25/secure-angularjs-application-with-spring-security/之后,我的理解是在service.js中,我需要将帖子调用更改为http://localhost:8080/AngularSpringBackend/authenticate。现在我在Chrome中输入http://localhost/SimpleTest/#/login,在登录页面输入admin / admin作为用户名和密码,点击登录,弹出安全将处理其余部分并使身份验证成功并路由到主页,但似乎不是这种情况,我误解了什么吗?
更新(2017年4月18日) 最后得到我想要的,但它可能有安全问题。我的方式是'authentication / service.js',我改为 ```service.Login = function(用户名,密码,回调){ var base64Credentials = btoa(username +':'+ password); 的console.log(base64Credentials);
console.log(username + ":" + password);
/* Dummy authentication for testing, uses $timeout to simulate api call
----------------------------------------------*/
//$timeout(function(){
// var response = { success: username === 'test' && password === 'test' };
// if(!response.success) {
// response.message = 'Username or password is incorrect';
// }
// callback(response);
//}, 1000);
/* Use this for real authentication
----------------------------------------------*/
var req = {
method: 'POST',
url: 'http://localhost:8080/AngularSpringBackend/login?username='+username ,
headers: {
'Authorization': 'Basic ' + base64Credentials,
'Access-Control-Allow-Origin': '*',
'content-type' : 'application/x-www-form-urlencoded'
}
};
$http(req).then(function (response) {
callback(response);
在我的后端,我需要添加一个控制器类,将“/ login”路径映射到login方法,使用path变量获取用户名,指定POST和OPTIONS的方法,一切正常。
是否有任何好方法可以达到我想要的其他方法的要求?
答案 0 :(得分:0)
在你的corsFilter @Component中缺少注释。所以请像这样添加@component
@Component
public class CORSFilter implements Filter{
static final Logger logger = LoggerFactory.getLogger(CORSFilter.class);
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
...
}
@Component表示自动扫描组件,这将让您的spring容器自动扫描CORSFilter。