401请求但有令牌吗?

时间:2019-11-07 14:44:18

标签: angular spring security request authorization

我使用spring boot后端,在其中发送需要授权的安全请求,我发送带有Authorization标头的令牌,但现在仍然出现401错误?

网络流量 

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJCb2dhdG9tIiwiZXhwIjoxNTczMTU0NjMxLCJpYXQiOjE1NzMxMzY2MzF9.FFq8Qf0UuVlNCC0CaD6Xox7U48P27-o8ZJxcGuuLPH25TkbDiTaTg_1dpGIMo6SuGzgBTLHOlmamNZuE3xGphQ
Connection: keep-alive
Content-Type: application/json
Host: localhost:8080
Origin: http://localhost:4200
Referer: http://localhost:4200/account
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36

WebSecurityConfig.java 

@Override
    protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable()
                // dont authenticate this particular request
                .authorizeRequests().antMatchers("/authenticate").permitAll().
                // all other requests need to be authenticated
                        anyRequest().authenticated().and().
                // make sure we use stateless session; session won't be used to
                // store user's state.
                        exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // Add a filter to validate the tokens with every request
        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }

JWTRequestFilter.java 

@Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,PATCH,OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "Authorization, Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

错误 enter image description here

希望你们能帮助我

0 个答案:

没有答案
相关问题
最新问题