我正在使用Spring Boot 2.x Spring Security JWT为我的Angular 5应用程序创建REST API .
我可以使用POSTMAN登录,但是从Angular应用程序,我的OPTIONS调用失败:
Request URL: http://localhost:8080/api/v1/login
Request Method: OPTIONS
Status Code: 403
Remote Address: [::1]:8080
SecurityConfiguration.java
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
@Autowired
private DataSource dataSource;
@Value("${spring.queries.users-query}")
private String usersQuery;
@Value("${spring.queries.roles-query}")
private String rolesQuery;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery).dataSource(dataSource)
.passwordEncoder(bCryptPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().disable().csrf().disable().authorizeRequests().antMatchers("/").permitAll().antMatchers("/").permitAll();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");
}
}
application.properties
# ===============================
# = DATA SOURCE
# ===============================
spring.datasource.url=jdbc:mysql://localhost:3306/some_db
spring.datasource.username=some_user
spring.datasource.password=some_password
spring.datasource.driverClassName=com.mysql.jdbc.Driver
# ===============================
# = JPA / HIBERNATE SETTINGS
# ===============================
spring.jpa.show-sql=true
spring.jpa.hibernate.ddl-auto = validate
# =============================================================
# = Spring Security / Queries for AuthenticationManagerBuilder
# =============================================================
spring.queries.users-query=select email, password from users where email=?
spring.queries.roles-query=select u.email, r.role from users u inner join user_role ur on(u.user_id=ur.user_id) inner join role r on(ur.role_id=r.role_id) where u.email=?
# ===========================
# = JSON WEB TOKEN SETTINGS
# ===========================
jwt.secret= JWTSuperSecretKey
jwt.expiration = 604800000
POSTMAN:
POST:http://localhost:8080/api/v1/login
内容类型:application / x-www-form-urlencoded
这是角度方面的 Headers 问题吗?
1 回答
您禁用CORS,这意味着您的服务器不会告诉前端允许请求任何来源,但本身 . 告诉服务器接受来自其他来源的请求,例如
localhost:4200和你的应用程序应该工作的方法GET,PUT,POST,DELETE和OPTIONS .以下设置比它需要的更复杂,但它保持了整洁和整洁 .
允许来源的定义应该放在application.yml中,例如
然后你添加两个文件,一个加载配置...
......还有一个要把它付诸实践 .