我的Angular 4应用程序无法向Spring Boot Server请求令牌

时间:2018-01-05 02:40:17

标签: angular spring-boot

我目前正在开发一个使用Spring Boot作为后端的Angular 4应用程序。

当我向后端服务器请求令牌时,不同浏览器给出的错误消息各不相同。 1. Chrome控制台消息:

  

无法加载http://localhost:4002/oauth/token?username=wiko&password=shefvaas&grant_type=password:预检的响应包含无效的HTTP状态代码401

  2. Firefox控制台消息:

    阻止跨源请求:同源策略禁止在http://localhost:4002/oauth/token?username=wiko&password=shefvaas&grant_type=password读取远程资源。 (原因:CORS预检频道没有成功)

    这是我的Angular请求头:

    /**
     * Builds the request options used when calling the token endpoint:
     * a JSON content type, an HTTP Basic Authorization header carrying the
     * OAuth2 client id and secret, and `withCredentials` enabled.
     *
     * NOTE(review): the client id and secret are literals in browser code, so
     * anyone who loads the application can read them. Treat this client as
     * public and do not rely on the secret for anything.
     * NOTE(review): a non-simple Content-Type plus an Authorization header makes
     * the browser send a CORS preflight (OPTIONS) first, and that preflight is
     * sent without the Authorization header.
     */
    genHeaders(map?: ConfigurationMap) {
      const basicCredentials = btoa('fayaqun:satria');

      const httpHeaders = new HttpHeaders({
        'Content-Type': 'application/json',
        'Authorization': `Basic ${basicCredentials}`
      });

      return { headers: httpHeaders, withCredentials: true };
    }
    

    这是我的Spring Boot AuthorizationServerConfig:

    // Injected by Spring and handed to the endpoints configurer in
    // configure(AuthorizationServerEndpointsConfigurer); Spring Security OAuth
    // needs an AuthenticationManager there for the "password" grant to work.
    @Autowired
    private AuthenticationManager authManager;
    
    /**
     * Restricts the check-token endpoint to authenticated callers.
     *
     * NOTE(review): a 401 on the CORS preflight suggests that the browser's
     * OPTIONS request to /oauth/token is being challenged for client
     * credentials. Preflights never carry an Authorization header, so they
     * have to be answered before this security chain runs - confirm against
     * the servlet filter order.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        final String checkTokenExpression = "isAuthenticated()";
        security.checkTokenAccess(checkTokenExpression);
    }
    
    /**
     * Registers the single in-memory OAuth2 client "fayaqun".
     *
     * NOTE(review): the client secret is a literal in source, and the Angular
     * client that calls this server embeds the same value in its Basic header,
     * so it cannot be treated as confidential. Load it from external
     * configuration, and keep the grant types and authorities of a
     * browser-facing client to the minimum it needs.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Access tokens stay valid for a full day; shorten this if refresh tokens are in use.
        final int oneDayInSeconds = 24 * 60 * 60;
        // NOTE(review): hard-coded credential, see the method comment.
        final String clientSecret = "satria";

        clients.inMemory()
                .withClient("fayaqun")
                .secret(clientSecret)
                .resourceIds("oauth2-resource")
                .scopes("read", "write", "trust")
                .authorities("ROLE_SUPERUSER", "ROLE_VALIDATOR", "ROLE_CLIENT", "ROLE_GUEST")
                .authorizedGrantTypes("client_credentials", "password", "refresh_token")
                .accessTokenValiditySeconds(oneDayInSeconds);
    }
    
    /**
     * Wires the token store and the injected authentication manager into the
     * authorization server endpoints.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        TokenStore store = tokenStore();
        endpoints.tokenStore(store)
                .authenticationManager(authManager);
    }
    
    
    /**
     * Exposes the token store as a Spring bean.
     *
     * Tokens are held in process memory only: they are lost on restart and are
     * not shared between server instances.
     */
    @Bean
    public TokenStore tokenStore() {
        TokenStore inMemoryStore = new InMemoryTokenStore();
        return inMemoryStore;
    }
    

    有这方面的经验吗?

    感谢。

1 个答案:

答案 0 :(得分:0)

我几天前做过:Spring与Angular 4 + OAuth2。

我认为您的问题是您的CORS授权。浏览器发送的预检(OPTIONS)请求不带Authorization头,因此会被令牌端点以401拒绝;下面的过滤器以最高优先级运行,在请求到达安全过滤器链之前直接响应预检请求。

import com.thespringwheels.api.config.property.TheWheelsApiProperty;

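/**
 * Servlet filter that answers CORS preflight requests and adds the CORS
 * response headers for origins on the configured allow-list.
 *
 * <p>It runs with the highest precedence so that a preflight (OPTIONS) request,
 * which the browser sends without an Authorization header, is answered here
 * and never reaches the rest of the filter chain.
 */
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {

    @Autowired
    private TheWheelsApiProperty thewheelsApiProperty;

    /**
     * Adds CORS headers when the request's Origin is on the allow-list and
     * short-circuits allowed preflight requests with a 200 response.
     *
     * @param req   the incoming request; expected to be an HTTP request
     * @param resp  the outgoing response; expected to be an HTTP response
     * @param chain the remaining filter chain, invoked for everything except
     *              an allowed preflight
     * @throws IOException      if the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        String origin = request.getHeader("Origin");
        boolean originAllowed = origin != null
                && thewheelsApiProperty.getOriginAllowed().contains(origin);

        // The response now depends on the Origin header, so caches must key on it.
        response.addHeader("Vary", "Origin");

        if (originAllowed) {
            // Access-Control-Allow-Origin carries exactly one origin. Echo the caller's
            // origin only after it matched the allow-list; setting the header once per
            // configured origin would leave just the last entry in place.
            response.setHeader("Access-Control-Allow-Origin", origin);
            // Credentials are only offered to allow-listed origins.
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }

        if (originAllowed && "OPTIONS".equals(request.getMethod())) {
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, PUT, OPTIONS");
            response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept");
            response.setHeader("Access-Control-Max-Age", "3600");

            // Answer the preflight here; it carries no credentials and would be
            // rejected by the authentication filters further down the chain.
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, resp);
        }

    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** No initialisation required. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

}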




package com.thespringwheels.api.config.property;

import java.util.List;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

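/**
 * Configuration properties bound from the "thewheels" prefix: the CORS origin
 * allow-list, token lifetimes and an HTTPS switch.
 */
@Component
@ConfigurationProperties("thewheels") //FIXME: Customize here
public class TheWheelsApiProperty {


    //FIXME: Customize here - define the origins through application.properties or a system initialization parameter.
    // The default only allows the local development origin.
    // Arrays.asList returns a fixed-size list, so it is copied into an ArrayList;
    // otherwise setOriginAllowed would throw UnsupportedOperationException on add().
    List<String> originAllowed = new java.util.ArrayList<>(java.util.Arrays.asList( "http://localhost:4200"));

    // Lifetimes in seconds.
    private int accessTokenValiditySeconds=360;
    private int refreshTokenValiditySeconds=120000;

    private final Security security = new Security();

    /** @return the nested security settings */
    public Security getSecurity() {
        return security;
    }

    /**
     * @return the live list of origins allowed to make cross-origin requests;
     *         entries are compared to the request's Origin header by exact match
     */
    public List<String> getOriginAllowed() {
        return originAllowed;
    }

    /**
     * Appends one origin to the allow-list; existing entries, including the
     * default, are kept.
     *
     * @param originAllowed the origin to allow, for example {@code https://app.example.test}
     */
    public void setOriginAllowed(String originAllowed) {
        this.originAllowed.add(originAllowed);
    }

    /** @return the refresh token lifetime in seconds */
    public int getRefreshTokenValiditySeconds() {
        return refreshTokenValiditySeconds;
    }

    /** @param refreshTokenValiditySeconds the refresh token lifetime in seconds */
    public void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds) {
        this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
    }

    /** @return the access token lifetime in seconds */
    public int getAccessTokenValiditySeconds() {
        return accessTokenValiditySeconds;
    }

    /** @param accessTokenValiditySeconds the access token lifetime in seconds */
    public void setAccessTokenValiditySeconds(int accessTokenValiditySeconds) {
        this.accessTokenValiditySeconds = accessTokenValiditySeconds;
    }

    /** Nested security settings. */
    public static class Security {

        // Defaults to false when the property is not set.
        private boolean enableHttps;

        /** @return whether the HTTPS flag is set */
        public boolean isEnableHttps() {
            return enableHttps;
        }

        /** @param enableHttps the new value of the HTTPS flag */
        public void setEnableHttps(boolean enableHttps) {
            this.enableHttps = enableHttps;
        }

    }

}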