Using JWT saved in cookies in vue.js to get a user object from my spring API for persisted log-in

Question


I'm trying to mock up some persisted log-in for my first web application so the site is still functional after a refresh. When I print the token (which is saved in cookies) in the console, it prints normally. And when I use Postman with the token in the header, I get the correct JSON response. However, when using it in the mounted method, I get a 401. So I believe it is an issue with the way I am implementing my headers in my fetch. Thanks in advance, as I am extremely new to coding.

```js
mounted: function() {
    console.log(this.$cookies.get('token'));
    let t = JSON.parse(JSON.stringify(this.$cookies.get('token')));
    let h = new Headers();
    h.append('Authentication', `Bearer ${t}`);
    fetch('http://localhost:8080/api/owner/persist', {
        method: 'GET',
        headers: h
      })
      .then((response) => {
        return response.json();
      })
      .then((data) => {
        this.jwtUser = data;
      })
}
```

Java controller below: if I have the PreAuthorize tag, I get a 401 error, and if I take it away I get a null pointer exception. I think it's just something wrong with the formatting of my header, which I have been messing around with a lot.

```java
@PreAuthorize("isAuthenticated()")
@RequestMapping(path = "api/owner/persist", method = RequestMethod.GET)
public Owner persistedLogin(Principal principal) {
    Owner o = new Owner();
    o = ownerDAO.getOwnerInfoByName(principal.getName());
    return o;
}
```

Answer 1

Score: 0


The standard way to transport access tokens, and especially JWTs, is the header called `Authorization`.

In your code example you are using `Authentication`, which is from a description point of view correct, as JWTs are in the first step authenticating a request and only at the second step a source for authorization. But the standard header is like it is and was named `Authorization`. Your formatting of the header value (`Bearer <token>`) looks correct to me.

Double check the correct name of your header that needs to carry the token, and verify you are using the correct one which is working as you stated in your test with Postman.

Best,
cobz
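
The header fix discussed above, as an added example that is not part of the original question or answer: it builds the `Authorization` header from the cookie value and checks the HTTP status before parsing the body. The names `normalizeToken`, `authHeaders` and `loadOwner`, the JWT shape check and the sample token are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, the URL is the one from the question.
const PERSIST_URL = 'http://localhost:8080/api/owner/persist';

// Assumption: the API issues signed JWTs in compact form (three base64url segments).
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Constructed sample value, not a real credential.
const SAMPLE_TOKEN = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl';

// Turn whatever the cookie store returned into a bare token, or null.
function normalizeToken(raw) {
  if (typeof raw !== 'string') return null;                      // cookie missing
  let t = raw.trim();
  if (t.startsWith('"') && t.endsWith('"')) t = t.slice(1, -1);  // JSON-quoted value
  t = t.replace(/^Bearer\s+/i, '');                              // scheme stored with the token
  return JWT_SHAPE.test(t) ? t : null;
}

// The header must be named Authorization; the scheme is Bearer.
function authHeaders(raw) {
  const token = normalizeToken(raw);
  return token ? { Authorization: `Bearer ${token}` } : null;
}

// Resolves to the owner object, or null when there is no usable session.
async function loadOwner(raw, fetchImpl = globalThis.fetch) {
  const headers = authHeaders(raw);
  if (!headers) return null;                                     // nothing valid to send
  const response = await fetchImpl(PERSIST_URL, { method: 'GET', headers });
  if (response.status === 401) return null;                      // token rejected or expired
  if (!response.ok) throw new Error(`persist failed: HTTP ${response.status}`);
  return response.json();
}
```

In the component's `mounted` hook this would be called as `loadOwner(this.$cookies.get('token')).then((owner) => { this.jwtUser = owner; })`, so a 401 leaves `jwtUser` as `null` instead of storing an error body.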

huangapple
  • Published on July 30, 2020, 01:49:21
  • When reposting, please keep the link to this article: https://go.coder-hub.com/63159583.html