我正在使用JWT和Spring安全性来开发论坛应用程序。访问用户端点时出现403错误。合并后发生了此事,以前一切正常。端点可以从POSTMAN正常工作,但是从浏览器访问时会出现问题 代码中没有混淆,现在没有将Authorization标头添加到请求中,而是仅在用户的端点中添加,在其他情况下,它可以工作。裸令牌存储在浏览器的本地存储中。发生这种情况的原因可能是什么?
角度拦截器添加授权标头:
intercept(request: HttpRequest<any>, next: HttpHandler) {
const authHeader = AUTHORIZATION_HEADER;
const accessToken = this.authService.getAuthorization();
if (accessToken !== null) {
request = request.clone({
headers: request.headers.set(authHeader, accessToken),
withCredentials: false
});
}
return next.handle(request);
}
}
角度验证服务
login(userCredentials: UserCredentials): Observable<any> {
return this.http
.post<AccountInfo>(`${API_URL}/login`, userCredentials, { observe: 'response' })
.pipe(
tap((response: HttpResponse<AccountInfo>) => {
const token = response.headers.get(AUTHORIZATION_HEADER);
this.storeAuthorization(token);
const body = response.body;
this.storeAccountInfo(body);
})
);
}
getAuthorization(): string {
return localStorage.getItem(AUTHORIZATION_KEY);
}
private storeAuthorization(authToken: string) {
localStorage.setItem(AUTHORIZATION_KEY, authToken);
}
private storeAccountInfo(accountInfo: AccountInfo) {
localStorage.setItem(USERNAME_KEY, accountInfo.username);
localStorage.setItem(ROLE_KEY, accountInfo.role.toString());
}
这是包含源代码的git repo https://github.com/PatrykKleczkowski/Forum/tree/feature/improvments