从angular2发送的"Authorization"请求标头的值为"Bearer"但是当它到达SpringBoot的过滤器时,它将值显示为"Basic" .
Spring安全是否超越它?
Angular2 code :
getGreeting(): Observable<string> {
let headers = new Headers({ 'Authorization': 'Bearer ' + this.authenticationService.token });
let options = new RequestOptions({ headers: headers });
return this.http.get(document.location.pathname.substring(0, document.location.pathname.indexOf("/",2))
+"/rest/hello",options).map(res => res.text())
}
过滤代码:
@Override public void doFilter(ServletRequest req,ServletResponse res,FilterChain chain)抛出IOException,ServletException {
HttpServletRequest request =(HttpServletRequest)req;
if (request.getRequestURI().contains("/rest/")) {
String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith(Constants.BEARER)) {
throw new ServletException(Constants.MISSING_HEADER);
}