我正在尝试通过服务HTTP的GET方法发送令牌,但是请求头没有auth-token的值(令牌存储在浏览器localStorage中用于身份验证控件)
以下是请求的标头:
Accept:*/* Accept-Encoding:gzip, deflate, sdch, br Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4 Access-Control-Request-Headers:auth-token, content-type Access-Control-Request-Method:GET Connection:keep-alive Host:localhost:7005 Origin:http://localhost:4200 Referer:http://localhost:4200/ User-Agent:Mozilla/5.0 (Windows NT
6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
我需要从Access-Control-Request-Headers参数中验证令牌,以获取对auth-token值的访问权限:
下面是我的代码(角度2)
码:
export class BaseProvider {
protected static HOST: string = 'http://localhost:7005/'
protected static BASE_API: string = 'context';
protected headers = new Headers({
'Content-Type': 'application/json',
'auth-token': localStorage.getItem('user-token')
});
protected options = new RequestOptions({ headers: this.headers });
protected static getBaseAPI(): string {
return this.HOST + this.BASE_API;
}
}
@Injectable()
export class MyService extends BaseProvider {
constructor(private http: Http) {
super();
}
public findByName(obj: MyModel): Observable<Array<MyModel>> {
let params: URLSearchParams = new URLSearchParams();
params.set('name', obj.name);
this.options.search = params;
return this.http.get(BaseProvider.getBaseAPI() + myUrl, this.options)
.map((res: Response) => res.json()
).catch((error: any) => Observable.throw(error.json().error || 'Error!'));
}
}
下面是我的代码(Java中的WebFilter)
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.GenericFilterBean;
@WebFilter(urlPatterns = "/*" )
public class LoginFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
final HttpServletRequest httpRequest = (HttpServletRequest) request;
final HttpServletResponse httpResponse = (HttpServletResponse) response;
final String authHeaderVal = httpRequest.getHeader("auth-token");
if (null == authHeaderVal) {
throw new ServletException("Not authorized.");
}
// more code ...
}
}
}
Java代码的“authHeaderVal”变量未填充令牌,因为“auth-token”为空 .
如果没有LoginFilter类,请求将如下所示:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
auth-token:eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiJkOTkzOWE0NS05Mzg5LTQ1MGItODE2Yy0yMjE1OWJhODdjZDMiLCJzdWIiOiJnYWJyaWVsIiwicm9sZSI6IjEiLCJpYXQiOjE0ODk2OTk5MjUsImV4cCI6MTQ4OTc4NjMyNX0.NdqdinX7S2mzO9wGVBw-JoUKQ7G2TQxQyQ3QrFg6Ckwc9A9Z63iw6R1JOPQ5ZO1yWpVPVvy_NS-wBqNRK03IiA
Cache-Control:no-cache
Connection:keep-alive
Content-Type:application/json
Host:localhost:7005
Origin:http://localhost:4200
Pragma:no-cache
Referer:http://localhost:4200/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
我需要请求才能到达过滤器 .