为什么我没有获取到授权头部?

huangapple go评论77阅读模式
英文:

Why I don't get authorization header?

问题

Axios发送:

axios({
  method: 'get',
  url: 'http://localhost:8081/api/posts',
  headers: { 'Authorization': 'Bearer_' + localStorage.getItem("username")} // Cookies.get('Token')
})

Spring中的CORS配置:

 @Override
public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/**")
            .allowedHeaders("*")
            .exposedHeaders("Authorization", "authorization")
            .allowedOrigins("*")
            .allowedMethods("*")
            .allowCredentials(false).maxAge(3600);
}

Spring安全配置:

  @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .httpBasic().disable()
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers(LOGIN_ENDPOINT, REGISTRATION_ENDPOINT).permitAll()
            .antMatchers(ADMIN_ENDPOINT).hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
            .apply(new JwtConfigurer(jwtTokenProvider));
}

获取头信息:

 @Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) req;
    Map<String, List<String>> headersMap = Collections.list(httpRequest.getHeaderNames())
            .stream()
            .collect(Collectors.toMap(
                    Function.identity(),
                    h -> Collections.list(httpRequest.getHeaders(h))
            ));
英文:

I use the Spring framework. If I send a request using postman, I get the authorization header, but if I use Axois I don't get it. What is the problem?

Axois send:

axios({
  method: &#39;get&#39;,
  url: &#39;http://localhost:8081/api/posts&#39;,
  headers: { &#39;Authorization&#39;: &#39;Bearer_&#39; + localStorage.getItem(&quot;username&quot;)} // Cookies.get(&#39;Token&#39;)
})

Cors in spring

 @Override
public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping(&quot;/**&quot;)
            .allowedHeaders(&quot;*&quot;)
            .exposedHeaders(&quot;Authorization&quot;, &quot;authorization&quot;)
            .allowedOrigins(&quot;*&quot;)
            .allowedMethods(&quot;*&quot;)
            .allowCredentials(false).maxAge(3600);;
}

Spring security config:

  @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .httpBasic().disable()
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers(LOGIN_ENDPOINT, REGISTRATION_ENDPOINT).permitAll()
            .antMatchers(ADMIN_ENDPOINT).hasRole(&quot;ADMIN&quot;)
            .anyRequest().authenticated()
            .and()
            .apply(new JwtConfigurer(jwtTokenProvider));
}

Get the headers here:

 @Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) req;
    Map&lt;String, List&lt;String&gt;&gt; headersMap = Collections.list(httpRequest.getHeaderNames())
            .stream()
            .collect(Collectors.toMap(
                    Function.identity(),
                    h -&gt; Collections.list(httpRequest.getHeaders(h))
            ));

Postman request

Headers with postman

Headers with Axios

答案1

得分: 0

我添加了 Bean:

@Bean                                           
CorsConfigurationSource corsConfigurationSource() {
   final UrlBasedCorsConfigurationSource source = new 
   UrlBasedCorsConfigurationSource();
   CorsConfiguration config = new CorsConfiguration();
   config.addAllowedMethod("*");
   source.registerCorsConfiguration("/**", config.applyPermitDefaultValues());
   return source;
}
英文:

I added Bean:

    @Bean                                           
    CorsConfigurationSource corsConfigurationSource() {
       final UrlBasedCorsConfigurationSource source = new 
       UrlBasedCorsConfigurationSource();
       CorsConfiguration config = new CorsConfiguration();
       config.addAllowedMethod(&quot;*&quot;);
       source.registerCorsConfiguration(&quot;/**&quot;, config.applyPermitDefaultValues());
       return source;
    }

huangapple
  • 本文由 发表于 2020年9月18日 13:38:22
  • 转载请务必保留本文链接:https://go.coder-hub.com/63949909.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定