spring boot angular js http:/localhost:8080/logout 403禁止错误 [英] spring boot angular js http:/localhost:8080/logout 403 forbidden error
问题描述
我无法解决此问题.
我尝试以弱化登录注销示例此处.登录可以正常工作,但是当我尝试注销时,浏览器显示NetworkError:403禁止localhost:8080/禁止注销.
I try to athentication login logout example here. Login is work properly but when I try to logout, browser gives NetworkError : 403 forbidden localhost:8080/logout is forbidden.
我认为应该在ui端的每个请求中添加令牌头.但是我不知道该怎么做?
In my opinion I should add token header every request from ui side.But I don't know and find how can I do that?
这是浏览器开发人员工具消息:
here is the browser developer tools message :
POST 403{"timestamp":1501570024381,"status":403,"error":"Forbidden","message":无效的CSRF令牌'null'原为在请求参数'_csrf'或标头'X-CSRF-TOKEN'上找到.,"路径:"/helpdesk/logout}
POST 403 {"timestamp":1501570024381,"status":403,"error":"Forbidden","message":"Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.","path":"/helpdesk/logout"}
这是我的角度注销功能:
here is my angular logout function:
$scope.logout = function() {
$http.post('logout',{}).success(function() {
$rootScope.authenticated = false;
$location.path("/home");
}).error(function(data) {
$rootScope.authenticated = false;
});
}
这是我的SpringSecurityConfig配置方法:
here is my SpringSecurityConfig configure method:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic().and()
.authorizeRequests()
.antMatchers("/index.html","/pages/**","/","/webjars/**")
.permitAll()
.anyRequest()
.authenticated().and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
.logoutSuccessHandler(logoutSuccess)
.deleteCookies("JSESSIONID").invalidateHttpSession(false)
.and()
.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
}
我该如何解决?如何将令牌标头添加到所有请求?你能帮我吗?
How can I solve this? How can I add token header to all request? Could you help me please?
推荐答案
我解决了我的问题:
当我研究时,首先找到此示例在鹅身上.
Firstly I find this sample when I research on goole.
之后,我将相同的拦截器应用到我的应用程序中,如下所示:
After that I applied same interceptor my app like this :
app.factory('CsrfTokenInterceptorService', ['$q',
function CsrfTokenInterceptorService($q) {
// Private constants.
var CSRF_TOKEN_HEADER = 'X-CSRF-TOKEN',
HTTP_TYPES_TO_ADD_TOKEN = ['DELETE', 'POST', 'PUT'];
// Private properties.
var token;
// Public interface.
var service = {
response: onSuccess,
responseError: onFailure,
request: onRequest,
};
return service;
// Private functions.
function onFailure(response) {
if (response.status === 403) {
console.log('Request forbidden. Ensure CSRF token is sent for non-idempotent requests.');
}
return $q.reject(response);
}
function onRequest(config) {
if (HTTP_TYPES_TO_ADD_TOKEN.indexOf(config.method.toUpperCase()) !== -1) {
config.headers[CSRF_TOKEN_HEADER] = token;
}
return config;
}
function onSuccess(response) {
var newToken = response.headers(CSRF_TOKEN_HEADER);
if (newToken) {
token = newToken;
}
return response;
}
}]);
并添加到app.config方法中:
and added to app.config method this :
$httpProvider.defaults.xsrfHeaderName = 'X-CSRF-TOKEN';
$httpProvider.interceptors.push('CsrfTokenInterceptorService');
但是现在我有另一个问题.浏览器开始打开自定义身份验证弹出窗口.我必须解决这个问题.
But now I have an another problem. Browser start to open custom authentication popup. I have to solve this.
这篇关于spring boot angular js http:/localhost:8080/logout 403禁止错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!