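So I keep running into errors with requests from the front end (Angular) to the back end (Spring Boot). I assume I am not sending it correctly from the front end to the back end.
Spring Security configuration: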
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic().disable()
        .csrf()
        .csrfTokenRepository(this.getCsrfTokenRepository())
        .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurerAdapter() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**").allowedOrigins("http://localhost:4200");
        }
    };
}

private CsrfTokenRepository getCsrfTokenRepository() {
    CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
    tokenRepository.setCookiePath("/");
    return tokenRepository;
}
Angular request:
let url = "http://localhost:8080/api/v1/get_txt"
this.http.get(url).subscribe(response => {
    console.log(response)
    // post request
    let _csrf = this.tokenExtractor.getToken() as string == null ? "test" : this.tokenExtractor.getToken();
    const formData = new FormData();
    formData.append("name", "name")
    formData.append("_csrf", _csrf)
    let post = "http://localhost:8080/api/v1/testpost"
    this.http.post(post, formData, {
        headers: new HttpHeaders().set("X-XSRF-TOKEN", _csrf), //.set("Cookie", 'XSRF-TOKEN='+_csrf)
    })
    .subscribe(response => {
        console.log(response)
    })
})
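Proof that the request was sent: sent csrf token
What I also forgot to mention is that I get a 403 error. I would be very grateful for any support, but I don't want to disable the CSRF token or remove the Spring Boot dependency ;)
How I get the token: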
app.module.ts:
imports: [HttpClientXsrfModule.withOptions({cookieName: 'XSRF-TOKEN'})]
app.component.ts
-> import
-> inject into constructor
let _csrf = this.tokenExtractor.getToken();
Answer 0 (score: 0)
The header name you are sending from Angular is meant to be used as an HTTP parameter. In your code it will be … .
So when … is set as the CSRF token repository and you want to send it as a header, the default header name for this token is … (as described here):