未经授权的OPTIONS请求 [英] Unauthorized OPTIONS-request

问题描述

我尝试使用带有angular2的Oauth2-Authentication访问我的Spring-Boot应用程序。当我使用基本身份验证（包括用户名和密码）向 oauth / token 发送后置请求以获取令牌（在邮递员中很好用）时，我得到了 401未经授权 >。我知道我的浏览器发送了带有OPTIONS方法的预检请求，并且我已经实现了 security-configuration ，因此它应该忽略并允许选项请求，但它不起作用。

I try to access my Spring-Boot-application with Oauth2-Authentication with angular2. When i send a post-request to "oauth/token" with my basic authentication including username and password to get a token, which works fine in postman, i get an 401 Unauthorized. I know that my browser sends a preflight-request with the OPTIONS-method, and i have implemented my security-configuration so that it should ignore and allow the options request, but it doesnt work.

这是我的安全配置：

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    DataSource dataSource;

    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication().dataSource(dataSource)
      .usersByUsernameQuery(
       "select username, password, 1 from users where username = ?") 
      .authoritiesByUsernameQuery(
       "select u.username, r.name from users u, roles r, role_users ru "
       + "where u.username = ? and u.id =  ru.users_id  and ru.roles_id = r.id ");
       auth.inMemoryAuthentication()
       .withUser("admin").password("admin").roles("ADMIN");
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .csrf().disable()
        .anonymous().disable()
        .authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll();

    }
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(HttpMethod.OPTIONS,"/oauth/token");
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

特别是最后一个配置方法应该允许我访问api并获得令牌。

Especially the last configure-method should allow me to access the api and get a token.

可能是什么问题？谢谢所有帮助。

What could be the problem? Thanks for all help.

推荐答案

我发现了问题....问题出在我身上。

I found the problem....the problem was me.

此代码没有错。我刚启动了错误的服务器（复制项目）。一切正常。

There is nothing wrong on this code. i just started the wrong server (copy project). Everything works fine.

这篇关于未经授权的OPTIONS请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！