Spring Boot Security: x-auth-token not found in the header

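I have a Spring Boot application with REST services secured using Spring Security. Redis is used to store the session. I deployed the application in Glassfish 4.1.2. When trying to log in using basic authentication, x-auth-token is not returned in the response header. What could be the problem?

Here are my configuration classes: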

ApplicationSecurityConfig

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    @Autowired
    private CustomAuthenticationDetailsSource source;

    @Autowired
    private HttpLogoutSuccessHandler logoutSuccessHandler;

    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Bean
    public HttpSessionStrategy httpSessionStrategy() {
        return new HeaderHttpSessionStrategy();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/crr/**").access("hasRole('CRR')")
            .anyRequest().authenticated()
            .and()
            .requestCache()
            .requestCache(new NullRequestCache())
            .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessHandler(logoutSuccessHandler)
            .and()
            .httpBasic().authenticationDetailsSource(source).authenticationEntryPoint(authenticationEntryPoint);
        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
        http.csrf().disable();
    }
}

CORSCustomFilter

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CORSCustomFilter implements Filter {

    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {

        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers",
                "X-Requested-With,content-type, Authorization");
        chain.doFilter(servletRequest, servletResponse);
    }

    public void init(FilterConfig filterConfig) {
    }

    public void destroy() {
    }
}

Note: When I deploy the application in Tomcat, the x-auth-token is generated successfully in the response header.

1 Answer

  • 0

    To retrieve it from the response headers, add x-auth-token to Access-Control-Allow-Credentials and Access-Control-Expose-Headers:

    response.setHeader("Access-Control-Expose-Headers", "x-auth-token");
    response.setHeader("Access-Control-Allow-Credentials", "x-auth-token");
    

    This worked for me.
