我正面临一个问题,即shiro阻止来自原始请求,说明以下错误。如果我拿出Shiro并且我的要求很好,我能够得到成功的回复。
我的dropwizard应用程序托管在 http://localhost:8199/api/konak/orders我的角色应用是 从http://localhost:4200
发起
错误
否'访问控制 - 允许 - 来源'标题出现在请求的上 资源。起源。 401未经授权的错误
我已经通过传入代理文件ng serve --proxy-config proxy.conf.json开始了角度应用程序。我正在使用以下代理详细信息运行我的角度应用程序
{
"/api": {
"target": "http://localhost:8199",
"secure": false
}
}
以下是我的请求 - 响应标头
常规
Request URL:http://localhost:8199/api/konak/reconciliations
Request Method:GET
Status Code:401 Unauthorized
Remote Address:[::1]:8199
Referrer Policy:no-referrer-when-downgrade
请求标题
Content-Length:0
Date:Wed, 02 Aug 2017 13:17:49 GMT
WWW-Authenticate:BASIC realm="application"
请求标题
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Host:localhost:8199
Origin:http://localhost:4200
Referer:http://localhost:4200/konak-dashboard
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
我还设置了Shiro身份验证,我怀疑Shiro导致了一些问题而无法接受请求。 (我已经掩盖了ladap细节和jndildaprealm细节,但它们工作正常)
shiro.ini文件
l# Use SSO
contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
contextFactory.url = ldap://<hidden-ldap-config>
contextFactory.systemUsername = svc-gitlab
contextFactory.systemPassword = xxxxxxxxxxxx
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = {0}<@company.domain>
ldapRealm.contextFactory = $contextFactory
allowAllCredentialsMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
authenticationStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authenticationStrategy
waffleRealmSSO = waffle.shiro.negotiate.NegotiateAuthenticationRealm
waffleUserPass = waffle.shiro.GroupMappingWaffleRealm
waffleFilter = waffle.shiro.negotiate.NegotiateAuthenticationFilter
securityManager.realms= $waffleRealmSSO, $ldapRealm
# Use the configured native session manager:
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# the following call is only necessary in a web-configured ShiroFilter (otherwise
# a native session manager is already enabled):
securityManager.sessionMode = native
# cookie for single sign on
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = SSOcookie
cookie.path = /
securityManager.sessionManager.sessionIdCookie = $cookie
authcStrategy = waffle.shiro.negotiate.NegotiateAuthenticationStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
[urls]
/** = port[8199], authcBasic, noSessionCreation
我已将我的CORS标题添加到我的Dropwizard应用程序中,如下所示
private void enableCorsHeaders(Environment env) {
final FilterRegistration.Dynamic corsFilter = env.servlets().addFilter("CrossOriginFilter", CrossOriginFilter.class);
corsFilter.setInitParameter("Access-Header", "true");
corsFilter.setInitParameter("Access-Control-Allow-Credentials", "true");
corsFilter.setInitParameter("Access-Control-Allow-Origin", "http://localhost:4200");
corsFilter.setInitParameter("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Headers, Access-Control-Request-Method, Cache-Control, Pragma, Expires");
corsFilter.setInitParameter("Access-Control-Allow-Methods\" ", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
corsFilter.setInitParameter("allowedOrigins", "*");
corsFilter.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
corsFilter.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
corsFilter.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, Boolean.FALSE.toString());
// Add URL mapping
corsFilter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/*");
}