在对本网站进行了一些研究以及其他有关我的问题之后,大家好,但我没有找到适合我问题的解决方案。
我是Spring-boot和Angular的初学者,所以我很实用,所以我尝试通过Angular的请求在前端创建登录表单
前端请求
import {HttpClient, HttpHeaders} from '@angular/common/http';
@Injectable({
providedIn: 'root'
})
export class RestapiService {
constructor(private http: HttpClient) { }
public login(username: string, password: string){
const headers = new HttpHeaders({Authorization : 'basic ' + btoa(username + ':' + password)});
return this.http.get('http://localhost:8080/persons', {headers, responseType: 'text' as 'json'});
}
这里是Angular前端中的部分
在后端,我正在使用
控制器
@CrossOrigin(origins = "*")
@RestController
@RequestMapping(value = "/persons")
public class PersonController {
@Autowired
private PersonService personService;
@CrossOrigin(origins = "*")
@GetMapping
public ResponseEntity<List<PersonGetDTO>> getAllPersons(){
return new ResponseEntity<>(personService.getAllPerson(),HttpStatus.OK);
}
我检查密码和id进入请求标头的安全部分与数据库中的id和哈希密码匹配
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
private UserServiceImpl userService;
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
String test = bCryptPasswordEncoder.encode("test");
System.out.println(test);
User user= userService.findByUsername(name);
if(user==null){
throw new BadCredentialsException("1000");
}
if (!(bCryptPasswordEncoder.matches(password,user.getPassword()))) {
System.out.println("mauvais mdp");
throw new BadCredentialsException("1000");
}
return new UsernamePasswordAuthenticationToken(name, password,new ArrayList<>());
}
@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}
我在其中设置允许或禁止路径的websecurityconfig
Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider ;
private UserDetailsService userDetailsService;
private UserServiceImpl userService;
@Override
public void configure(AuthenticationManagerBuilder builder)
throws Exception {
builder.authenticationProvider(customAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
http.csrf().disable();
http.authorizeRequests().antMatchers("/resource").permitAll();
http.authorizeRequests().antMatchers("/**").fullyAuthenticated().and
().httpBasic();
}
但是当我使用Postman客户端时,我没有问题,但是当我使用角度客户端时,我得到了
HttpErrorResponse {标头:HttpHeaders,状态:401,statusText: “确定”,网址:“ http://localhost:8080/persons”,确定:假,…}标头: HttpHeaders {normalizedNames:Map(0),lazyUpdate:空,lazyInit:ƒ} 状态:401 statusText:“确定”网址:“ http://localhost:8080/persons”确定: 假名称:“ HttpErrorResponse”消息:“ HTTP失败响应为 http://localhost:8080/persons:401 OK”错误:空 proto :HttpResponseBase
501:未经授权,但我没有问题,如果我使用allowAll()只是为了检查连接是否正常
一些研究表明,CORS配置是什么,但是我尝试过的配置无法正常工作,所以我来这里寻求帮助
很抱歉,帖子冗长,英语不好
祝你有美好的一天