春季启动角度csrf令牌握手错误

时间:2020-07-30 17:20:21

标签: angular spring spring-boot spring-security csrf

所以我不断遇到关于从前端(角度)到后端(springboot)的请求的错误。我假设我没有正确地将其从前端发送到后端。

spring安全配置:

 @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().disable()
                .csrf()
                .csrfTokenRepository (this.getCsrfTokenRepository())
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowedOrigins("http://localhost:4200");

            }
        };
    }
    private CsrfTokenRepository getCsrfTokenRepository() {
        CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
        tokenRepository.setCookiePath("/");
        return tokenRepository;
    }

角度请求:

 let url = "http://localhost:8080/api/v1/get_txt"
      this.http.get(url).subscribe(response => {
        console.log(response)

        // post request

        
      let _csrf = this.tokenExtractor.getToken() as string == null ? "test":this.tokenExtractor.getToken();
      const formData = new FormData();
      formData.append("name", "name")
      formData.append("_csrf", _csrf)
      let post = "http://localhost:8080/api/v1/testpost"

      this.http.post(post, formData, {
        headers: new HttpHeaders().set("X-XSRF-TOKEN", _csrf),//.set("Cookie", 'XSRF-TOKEN='+_csrf)
      })
        .subscribe(response => {
            console.log(response)
        })
      })

证明请求已发送: sent csrf token

我也忘记提及的是我收到403错误。 对于所有支持我都会非常感谢,但是我不想禁用csrf令牌并且不删除spring boot依赖项;)

我如何获得令牌:

app.module.ts:

    import:[HttpClientXsrfModule.withOptions({cookieName: 'XSRF-TOKEN'})]

app.component.ts
-> import
-> inject into constructor
let _csrf = this.tokenExtractor.getToken();

更新 我发现spring boot无法从请求中提取cookie。 spring boot extract cookie error 所以这一定是角度要求的问题...

1 个答案:

答案 0 :(得分:0)

您从Angular发送的标头名称旨在用作HTTP参数。在您的代码中,它将为@Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME) public @interface Logged { } 。 因此,当@Aspect @Configuration public class Logger { @Around("@annotation(fully.qualified.name.of.Logged)") public Object log(ProceedingJoinPoint joinPoint) { // get request object HttpServletRequest req = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()) .getRequest(); //do whatever you've to do with your req object //process further return someobject } 设置为CSRF令牌存储库,并且您希望将其作为标头发送时,则此令牌的默认标头名称为public class Controller{ @Logged //<-- Just a single annotation at your controller. This can be applied on all other methods irrespective of HTTP methods @CrossOrigin(origins = "*") @PostMapping(value = "/tran", produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity<Map<String,Object>> createTransaction(...........) { } as described here):

C:\Users\H6W>sqlplus EV6_PASS_USER/EV6_PASS_USER@orcl1906

SQL*Plus: Release 12.1.0.1.0 Production on Fri Jul 31 14:38:28 2020

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

ERROR:
ORA-01033: ORACLE initialization or shutdown in progress
Process ID: 0
Session ID: 0 Serial number: 0
相关问题
最新问题