this,当我尝试删除某个项目时,出现错误。
当我在后端添加spring security时,我遇到了csrf的问题,并且无法通过事件在Angular中显示数据库中的数据。因此,我采取了一些步骤:
我已将@WebSecurityConfigurerAdapter
添加到我的后端中。后来在Angular中设置了Interceptor,此后,我就可以在后台使用Spring Security加载数据了。
@EnableWebSecurity
@Configuration
public class SpringSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
.anyRequest().authenticated()
.and()
//.formLogin().and()
.httpBasic();
}
}
我在Interceptor中的服务有角化
import { Injectable } from '@angular/core';
import {HttpHandler, HttpInterceptor, HttpRequest} from '@angular/common/http';
@Injectable({
providedIn: 'root'
})
export class HttpInterceptorService implements HttpInterceptor {
intercept(request: HttpRequest<any>, next: HttpHandler) {
const username = 'damian';
const password = 'damian';
const basicAutHeaderString = 'Basic ' + window.btoa(username + ':' + password);
request = request.clone(
{
setHeaders: {
Authorization: basicAutHeaderString
}
}
);
return next.handle(request);
}
constructor() { }
}
从后端获取单个项目:
deleteSingleTodo(id) {
return this.http.delete<Todo>(`http://localhost:8081/${id}`);
}
由(单击)按钮触发的我的删除方法:
deleteTodo(id) {
console.log(`delete todo ${id}` )
this.getDataService.deleteSingleTodo( id).subscribe (
response => {
console.log(response);
this.message = `Delete of Todo ${id} Successful!`;
this.refreshTodos();
}
);
}
I also provided HTTP_INTERCEPTORS in app.module.ts
providers: [
{ provide: HTTP_INTERCEPTORS, `useClass: HttpInterceptorService, multi:` true}
],[my error message in google][1]
答案 0 :(得分:0)
您能否简单地添加一个过滤器来应用CORS,如下所示,以查看其是否正常工作
@Component
public class CrossOriginFilter implements Filter {
private static final Logger log = LoggerFactory.getLogger(CrossOriginFilter.class);
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// Called by the web container to indicate to a filter that it is being
// placed into service.
// We do not want to do anything here.
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
log.info("Applying CORS filter");
HttpServletResponse response = (HttpServletResponse) resp;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, Authorization, X-Requested-With, Content-Type, Accept, X-Auth-Token, X-CSRF-TOKEN");
chain.doFilter(req, resp);
}
@Override
public void destroy() {
// Called by the web container to indicate to a filter that it is being
// taken out of service.
// We do not want to do anything here.
}
}
答案 1 :(得分:0)
您只需要在下面的类中添加CORS配置
它如何工作?
CORS请求自动分派到已注册的各种HandlerMappings中。它们通过CorsProcessor实现(默认情况下为DefaultCorsProcessor)来处理CORS起飞前请求并拦截CORS简单和实际请求,以便添加相关的CORS响应标头(例如Access-Control-Allow-Origin)。
CorsConfiguration允许您指定应如何处理CORS请求:允许的来源,标头和方法等。可以通过多种方式提供
CORS Doc CORS with Spring Boot
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
@EnableWebMvc
public class WebConfig implements Filter,WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
System.out.println("WebConfig; "+request.getRequestURI());
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With,observe");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Expose-Headers", "Authorization");
response.addHeader("Access-Control-Expose-Headers", "responseType");
response.addHeader("Access-Control-Expose-Headers", "observe");
System.out.println("Request Method: "+request.getMethod());
if (!(request.getMethod().equalsIgnoreCase("OPTIONS"))) {
try {
chain.doFilter(req, res);
} catch(Exception e) {
e.printStackTrace();
}
} else {
System.out.println("Pre-flight");
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST,GET,DELETE,PUT");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Access-Control-Expose-Headers"+"Authorization, content-type," +
"USERID"+"ROLE"+
"access-control-request-headers,access-control-request-method,accept,origin,authorization,x-requested-with,responseType,observe");
response.setStatus(HttpServletResponse.SC_OK);
}
}
}