问题描述
我正在尝试通过 Javascript 将授权令牌承载发送到 REST 端点,所以我这样做:
I'm trying to send a Authorization Token Bearer through Javascript to a REST Endpoint, so i doing in this way:
$.ajax( { url: 'http://localhost:8080/resourceserver/protected-no-scope', type: 'GET', beforeSend : function( xhr ) { xhr.setRequestHeader( "Authorization", "Bearer " + token ); }, success: function( response ) { console.log(response); }
我的端点在 SpringBoot 容器下运行,所以我正在获取 HttpServletRequest 并尝试获取 AUthorization Header 但始终为空:
My endpoint is running under a SpringBoot container, so i'm getting the HttpServletRequest and trying to get AUthorization Header but is always null:
static Authentication getAuthentication(HttpServletRequest request) { String token = request.getHeader(HEADER_STRING); //token is always null ...
编辑 1这是客户端(浏览器)中的错误
Edit 1 This is the error in Client-Side (Browser
OPTIONS http://localhost:8080/resourceserver/protected-no-scope 403 () Failed to load http://localhost:8080/resourceserver/protected-no-scope: Response for preflight has invalid HTTP status code 403.
编辑 2为了在后端启用 CORS,我在 spring 中使用了以下注释:
Edit 2 To enable CORS in backend i'm using the following annotation with spring:
@RestController @CrossOrigin(origins = "*", maxAge = 3600, allowCredentials = "true", allowedHeaders = "Authorization", methods = {RequestMethod.GET, RequestMethod.OPTIONS, RequestMethod.POST}) public class MyResource {
编辑 3我尝试在我的过滤器中添加 CORS,但没有成功:
Edit 3 I tried added the CORS in my Filter but no success:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin")); httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true"); httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); httpServletResponse.setHeader("Access-Control-Max-Age", "3600"); httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me"); Authentication authentication = TokenAuthenticationService .getAuthentication(httpServletRequest); SecurityContextHolder.getContext().setAuthentication(authentication); filterChain.doFilter(request, response); }
推荐答案
您可以使用headers键添加标题
$.ajax({ url: 'http://localhost:8080/resourceserver/protected-no-scope', type: 'GET', contentType: 'application/json' headers: { 'Authorization': 'Bearer <token>' }, success: function (result) { // CallBack(result); }, error: function (error) { } });
您需要在后端启用 CORS
You need to enable CORS on backend
https://stackoverflow.com/a/32320294/5567387