SpringMVC - CORS 过滤不适用于“授权"标头 [英] SpringMVC - CORS filtering doesn't work on 'Authorization' header
问题描述
我正在尝试在 spring mvc 应用程序中添加 OAuth 2.0.用户应该经过身份验证才能获得 api 调用.我在 spring mvc 控制器中设置了一个标题:
I am trying to add OAuth 2.0 in spring mvc app. User should be authenticated in order to get a api call. I have set a headers in spring mvc controller as:
@RequestMapping(value = "/admin-api/get-all-order", method = RequestMethod.GET)
public ResponseEntity getAllOrders(@RequestHeader("Authorization") String bearerToken) {
try {
List<OrderModel> order = orderService.getAllOrders();
return new ResponseEntity(order, HttpStatus.OK);
} catch (HibernateException e) {
return new ResponseEntity(e.getMessage(), HttpStatus.BAD_REQUEST);
}
}
为了请求 api,我使用了 angular 5.我以 angular 进行了 api 调用,例如:
For requesting api I have used angular 5. I make a api call in angular like:
return this.http.get<T>(this.getAllOrderUrl, {
headers: {
"Authorization": "bearer " + JSON.parse(localStorage.getItem("token"))["value"],
"Content-type": "application/json"
}
}).catch(error => {
return this.auth.handleError(error);
})
但它给了我一个奇怪的错误.
But it gave me a strange error.
我已经为localhost:4200"启用了 CORS.CORS 过滤适用于其他请求.
I have already enabled a CORS for 'localhost:4200'. CORS filtering works fine on other request.
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods",
"ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers",
"X-PINGOTHER,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Key");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
如果我尝试过邮递员,它会给我一个想要的结果.
If I tried in postman it give me a desired result.
响应标题
我做错了什么?请帮帮我.希望得到正面回应谢谢!
What am I doing wrong? Please help me out. Hoping for positive response thanks!
推荐答案
如果你想在不使用过滤器或不使用配置文件的情况下启用 CORS 只需添加
If you want to enable CORS without using filters or without config file just add
@CrossOrigin
到控制器的顶部,它就可以工作了.
to the top of your controller and it work.
这篇关于SpringMVC - CORS 过滤不适用于“授权"标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!