1. 首頁
  2. 問答
  3. 獲得401訪問http://本地主機:8080 /的OAuth /令牌

獲得401訪問http://本地主機:8080 /的OAuth /令牌

2015-06-21 71 views
2

我打從我angularjs客戶端應用程序一個終點時,我做的是一個我收到在瀏覽器控制檯下面的錯誤登錄獲得401訪問http://本地主機:8080 /的OAuth /令牌

選項http://localhost:8080/oauth/token XMLHttpRequest無法加載http://localhost:8080/oauth/token。無效的HTTP狀態代碼401

它是接受來自客戶端的CORS的服務器端代碼。 

@Component 
 
public class SimpleCORSFilter implements Filter { 
 

 
\t public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { 
 
\t \t HttpServletResponse response = (HttpServletResponse) res; 
 
\t \t response.setHeader("Access-Control-Allow-Origin", "*"); 
 
\t \t response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); 
 
\t \t response.setHeader("Access-Control-Max-Age", "3600"); 
 
\t \t response.setHeader("Access-Control-Allow-Headers", "x-requested-with"); 
 
\t \t chain.doFilter(req, res); 
 
\t } 
 

 
\t public void init(FilterConfig filterConfig) {} 
 

 
\t public void destroy() {} 
 

 
}

這是該調用http://localhost:8080/oauth/token

angular.module('frontendApp') 
 
    .factory('AuthServerProvider', function loginService($http, localStorageService, Base64, API_SERVER) { 
 
    return { 
 
     login: function (credentials) { 
 
     var data = "username=" + credentials.username + "&password=" 
 
      + credentials.password + "&grant_type=password&scope=read%20write&" + 
 
      "client_secret=123456&client_id=clientapp"; 
 
     return $http.post(API_SERVER + 'oauth/token', data, { 
 
      headers: { 
 
      "Content-Type": "application/x-www-form-urlencoded", 
 
      "Accept": "application/json", 
 
      "Access-Control-Allow-Origin": "*", 
 
      "Authorization": "Basic " + Base64.encode("clientapp" + ':' + "123456") 
 
      } 
 
     }).success(function (response) { 
 
      var expiredAt = new Date(); 
 
      expiredAt.setSeconds(expiredAt.getSeconds() + response.expires_in); 
 
      response.expires_at = expiredAt.getTime(); 
 
      localStorageService.set('token', response); 
 
      return response; 
 
     }); 
 
     }, 
 
     logout: function() { 
 
     // logout from the server 
 
     $http.post('api/logout').then(function() { 
 
      localStorageService.clearAll(); 
 
     }); 
 
     }, 
 
     getToken: function() { 
 
     return localStorageService.get('token'); 
 
     }, 
 
     hasValidToken: function() { 
 
     var token = this.getToken(); 
 
     return token && token.expires_at && token.expires_at > new Date().getTime(); 
 
     } 
 
    }; 
 
    });

來源

2015-06-21 karthik pamidimarri

+0

您將url oauth/auth添加到Spring中的匿名權限? –

+0

將'Authorization'頭添加到** Access-Control-Allow-Headers **列表 – Michael

+0

@Michael我已經在代碼中添加了** Access-Control-Allow-Headers列表**請看一次,我的憑證不是當我在網絡中的瀏覽器控制檯中看到時添加請求。 –

回答

5

在OPTIONS請求的情況下,客戶端代碼,你不應該做進一步的處理,即跳過調用chain.doFilter(req, res) ,例如:

HttpServletRequest request = (HttpServletRequest) req; 
    HttpServletResponse response = (HttpServletResponse) resp; 

    response.addHeader("Access-Control-Allow-Origin", "*"); 

    if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { 
     response.setHeader("Access-Control-Allow-Methods", "POST,GET,DELETE"); 
     response.setHeader("Access-Control-Max-Age", "3600"); 
     response.setHeader("Access-Control-Allow-Headers", "content-type,access-control-request-headers,access-control-request-method,accept,origin,authorization,x-requested-with"); 
     response.setStatus(HttpServletResponse.SC_OK); 
    } else { 
     chain.doFilter(req, resp); 
    }

來源

2015-06-22 06:57:42

+0

我添加了你的代碼仍然應用程序無法正常工作我在瀏覽器控制檯中出現以下錯誤「XMLHttpRequest無法加載http:// localhost:8080/oauth/token。請求頭字段Access-Control-Allow-Headers不允許Access-Control-Allow-Headers「 –

+0

客戶端不應發送」Access-Control-Allow-Origin「頭,它由服務器發送給客戶!從你的JS代碼中移除它。 –

+0

@ Vilmantas Baranauskas感謝Vilmantas現在正在工作 –

相關問題

 相關問題