SpringMVC - CORS 过滤不适用于“授权"标头 [英] SpringMVC - CORS filtering doesn't work on 'Authorization' header

问题描述

我正在尝试在 spring mvc 应用程序中添加 OAuth 2.0.用户应该经过身份验证才能获得 api 调用.我在 spring mvc 控制器中设置了一个标题:

I am trying to add OAuth 2.0 in spring mvc app. User should be authenticated in order to get a api call. I have set a headers in spring mvc controller as:

@RequestMapping(value = "/admin-api/get-all-order", method = RequestMethod.GET)
    public ResponseEntity getAllOrders(@RequestHeader("Authorization") String bearerToken) {
        try {
            List<OrderModel> order = orderService.getAllOrders();
            return new ResponseEntity(order, HttpStatus.OK);
        } catch (HibernateException e) {
            return new ResponseEntity(e.getMessage(), HttpStatus.BAD_REQUEST);
        }
    }

为了请求 api，我使用了 angular 5.我以 angular 进行了 api 调用，例如:

For requesting api I have used angular 5. I make a api call in angular like:

return this.http.get<T>(this.getAllOrderUrl, {
            headers: {
                "Authorization": "bearer " + JSON.parse(localStorage.getItem("token"))["value"],
                "Content-type": "application/json"
            }
        }).catch(error => {
            return this.auth.handleError(error);
        })

但它给了我一个奇怪的错误.

But it gave me a strange error.

我已经为localhost:4200"启用了 CORS.CORS 过滤适用于其他请求.

I have already enabled a CORS for 'localhost:4200'. CORS filtering works fine on other request.

@Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods",
                "ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers",
                "X-PINGOTHER,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Key");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

如果我尝试过邮递员，它会给我一个想要的结果.

If I tried in postman it give me a desired result.

响应标题

我做错了什么?请帮帮我.希望得到正面回应谢谢！

What am I doing wrong? Please help me out. Hoping for positive response thanks!

推荐答案

如果你想在不使用过滤器或不使用配置文件的情况下启用 CORS 只需添加

If you want to enable CORS without using filters or without config file just add

@CrossOrigin

到控制器的顶部，它就可以工作了.

to the top of your controller and it work.

这篇关于SpringMVC - CORS 过滤不适用于“授权"标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！