spring boot angular js http:/localhost:8080/logout 403禁止错误 [英] spring boot angular js http:/localhost:8080/logout 403 forbidden error

问题描述

我无法解决此问题.

我尝试以弱化登录注销示例此处.登录可以正常工作，但是当我尝试注销时，浏览器显示NetworkError:403禁止localhost:8080/禁止注销.

I try to athentication login logout example here. Login is work properly but when I try to logout, browser gives NetworkError : 403 forbidden localhost:8080/logout is forbidden.

我认为应该在ui端的每个请求中添加令牌头.但是我不知道该怎么做?

In my opinion I should add token header every request from ui side.But I don't know and find how can I do that?

这是浏览器开发人员工具消息:

here is the browser developer tools message :

POST 403{"timestamp":1501570024381，"status":403，"error":"Forbidden"，"message":无效的CSRF令牌'null'原为在请求参数'_csrf'或标头'X-CSRF-TOKEN'上找到.，"路径:"/helpdesk/logout}

POST 403 {"timestamp":1501570024381,"status":403,"error":"Forbidden","message":"Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.","path":"/helpdesk/logout"}

这是我的角度注销功能:

here is my angular logout function:

 $scope.logout = function() {
    $http.post('logout',{}).success(function() {
      $rootScope.authenticated = false;
      $location.path("/home");
    }).error(function(data) {
      $rootScope.authenticated = false;
    });
  }

这是我的SpringSecurityConfig配置方法:

here is my SpringSecurityConfig configure method:

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .httpBasic().and()
            .authorizeRequests()
            .antMatchers("/index.html","/pages/**","/","/webjars/**")
            .permitAll()
            .anyRequest()
            .authenticated().and().logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
            .logoutSuccessHandler(logoutSuccess)
            .deleteCookies("JSESSIONID").invalidateHttpSession(false)
            .and()
            .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);

}

我该如何解决?如何将令牌标头添加到所有请求?你能帮我吗?

How can I solve this? How can I add token header to all request? Could you help me please?

推荐答案

我解决了我的问题:

当我研究时，首先找到此示例在鹅身上.

Firstly I find this sample when I research on goole.

之后，我将相同的拦截器应用到我的应用程序中，如下所示:

After that I applied same interceptor my app like this :

app.factory('CsrfTokenInterceptorService', ['$q',
function CsrfTokenInterceptorService($q) {

    // Private constants.
    var CSRF_TOKEN_HEADER = 'X-CSRF-TOKEN',
        HTTP_TYPES_TO_ADD_TOKEN = ['DELETE', 'POST', 'PUT'];

    // Private properties.
    var token;

    // Public interface.
    var service = {
        response: onSuccess,
        responseError: onFailure,
        request: onRequest,
    };

    return service;

    // Private functions.
    function onFailure(response) {
        if (response.status === 403) {
            console.log('Request forbidden. Ensure CSRF token is sent for non-idempotent requests.');
        }

        return $q.reject(response);
    }

    function onRequest(config) {
        if (HTTP_TYPES_TO_ADD_TOKEN.indexOf(config.method.toUpperCase()) !== -1) {
            config.headers[CSRF_TOKEN_HEADER] = token;
        }

        return config;
    }

    function onSuccess(response) {
        var newToken = response.headers(CSRF_TOKEN_HEADER);

        if (newToken) {
            token = newToken;
        }

        return response;
    }
}]);

并添加到app.config方法中:

and added to app.config method this :

$httpProvider.defaults.xsrfHeaderName = 'X-CSRF-TOKEN';
$httpProvider.interceptors.push('CsrfTokenInterceptorService');

但是现在我有另一个问题.浏览器开始打开自定义身份验证弹出窗口.我必须解决这个问题.

But now I have an another problem. Browser start to open custom authentication popup. I have to solve this.

这篇关于spring boot angular js http:/localhost:8080/logout 403禁止错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！