Angular2与Sping Boot 和Spring Security

ndh0cuux  于 2024-01-06  发布在  Spring
关注(0)|答案(1)|浏览(177)

首先,我已经在this page上检查了这个问题,我尝试了他的解决方案,但最后,我仍然有同样的问题。
XMLHttpRequest无法加载http://localhost:8080/login。对预处理请求的响应未通过访问控制检查:请求的资源上不存在“Excell-Control-Allow-Origin”标头。因此不允许访问Origin http://localhost:3000。响应的HTTP状态代码为403。
但是,我把一个access-control到处所以我不明白为什么它是这样的。
我的代码看起来像这样(我希望我能为你写得足够多):
在Angular中,我的login.service.ts

  1. check(name: string, password: string): boolean {
  2.      let headers = new Headers();
  3.     headers.append('Content-Type', 'application/x-www-form-urlencoded');
  4.     headers.append('Access-Control-Allow-Origin','*');
  5.     let options = new RequestOptions({headers:headers,withCredentials:true});
  7.     if(this.http.post(this.baseUrl, 
  8.         `username=${name}&password=${password}`,
  9.         {headers:headers})
  10.         .toPromise().then(response=> {
  11.           return {}
  12.         }))
  13.         return true;    
  15.         return false;
  16.   }

字符串
如果认证成功,我还想返回一个布尔值,但我真的不知道如何知道它是否有效,所以我现在这样做(它总是为真)。
在Java中,我有这样的代码:

  1. @Configuration
  2. @EnableWebMvc
  3. class WebConfig extends WebMvcConfigurerAdapter {
  4. }


为了安全起见,我买了这个

  1. @Configuration
  2. @EnableWebSecurity
  3. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  4.     
  5.     
  6.     @Autowired
  7.     private RESTLoginSuccessHandler loginSuccessHandler;
  9.     @Autowired
  10.     private RestLogoutSuccessHandler logoutSuccessHandler;
  12.     @Override
  13.     protected void configure(HttpSecurity httpSecurity) throws Exception {
  14.         //deactivate CSRF and use custom impl for CORS
  15.         httpSecurity
  16.                 .cors.and()
  17.                 .csrf().disable()
  18.                 .addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class);
  19.         //authorize, authenticate rest
  20.         httpSecurity
  21.                 .authorizeRequests()
  22.                     .anyRequest().hasRole("USER")
  23.                     .and()
  24.                 .sessionManagement()
  25.                     .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
  26.                     .and()
  27.                 .formLogin()
  28.                     .usernameParameter("username")
  29.                     .passwordParameter("password")
  30.                     .loginPage("/login")
  31.                     .successHandler(loginSuccessHandler)
  32.                     .permitAll()
  33.                     .and()
  34.                 .logout()
  35.                     .logoutSuccessHandler(this.logoutSuccessHandler)
  36.                     .permitAll();
  37.     }
  39.     @Autowired
  40.     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  41.         auth.inMemoryAuthentication().withUser("rano").password("1234").roles("USER");
  42.         auth.inMemoryAuthentication().withUser("admin").password("admin").roles("USER", "ADMIN");
  43.     }
  44. }
  46. @Bean
  47. CorsConfigurationSource corsConfigurationSource() {
  48.     CorsConfiguration configuration = new CorsConfiguration();
  49.     
  50.     configuration.setAllowedOrigins(Arrays.asList("http://localhost:8080","http://localhost:3000"));
  51.         
  52.     configuration.setAllowedMethods(Arrays.asList("PUT","DELETE","POST"));
  53.     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  54.     source.registerCorsConfiguration("/**", configuration);
  55.     return source;
  56. }


在我的登录页面中:

  1. @Component
  2. public class RESTLoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
  4.     private RequestCache requestCache = new HttpSessionRequestCache();
  6.     @Override
  7.     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
  8.             org.springframework.security.core.Authentication authentication) throws IOException, ServletException {
  10.         SavedRequest savedRequest = requestCache.getRequest(request, response);
  12.         if (savedRequest == null) {
  13.             clearAuthenticationAttributes(request);
  14.             return;
  15.         }
  17.         String targetUrlParam = getTargetUrlParameter();
  18.         if (isAlwaysUseDefaultTargetUrl()
  19.                 || (targetUrlParam != null && StringUtils.hasText(request.getParameter(targetUrlParam)))) {
  20.             requestCache.removeRequest(request, response);
  21.             clearAuthenticationAttributes(request);
  22.             return;
  23.         }
  25.         clearAuthenticationAttributes(request);
  26.     }
  28.     public void setRequestCache(RequestCache requestCache) {
  29.         this.requestCache = requestCache;
  30.     }
  31. }


那么,有什么问题吗?或者如何使用Sping Boot 和Spring Security制作Angular2应用程序?因为除了添加安全性之外,Sping Boot 和Angular之间的所有功能都可以正常工作。

spring-boot

1条答案

按热度按时间
des4xlb0

des4xlb01#

将以下内容添加到configure方法中

  1. .cors().and()

字符串

赞(0)分享  回复(0)举报  2024-01-06
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com