身份驗證Microsoft OneDrive REST服務Java/Ionic 2

Question

我正嘗試使用Java for後端和Ionic 2向Microsoft OneDrive和REST服務進行身份驗證。如果我直接從Chrome調用我的服務。 我張貼代碼：

private static final String REDIRECT_URI = "http://localhost:8080/CloudToCloud/onedrive/getToken"; 

@RequestMapping(value = { "/getAccess" }, method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) 
public void authorizationFlow(HttpServletRequest request, HttpServletResponse response) 
     throws IOException, InterruptedException { 
    try { 
     String authURL = "https://login.live.com/oauth20_authorize.srf?client_id=" + CLIENT_ID 
       + "&scope=wl.signin%20wl.basic%20wl.offline_access%20wl.skydrive_update&response_type=code&redirect_uri=" 
       + REDIRECT_URI; 
     response.sendRedirect(authURL); 
    } catch (Exception e) { 
     logger.severe(e.getMessage()); 
    } 
} 

@RequestMapping(value = { "/getToken" }, params = { "code" }, method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) 
public ResponseEntity<JSONObject> getToken(@RequestParam("code") String code) 
     throws IOException, InterruptedException, ParseException { 
    JSONObject json = null; 
    try { 
     logger.info("Auth CODE: " + code); 
     String url = "https://login.live.com/oauth20_token.srf"; 
     URL obj = new URL(url); 
     HttpsURLConnection con = (HttpsURLConnection) obj.openConnection(); 

     con.setRequestMethod("POST"); 
     con.setRequestProperty("User-Agent", "Mozilla/5.0"); 
     con.setRequestProperty("Accept-Language", "en-US,en;q=0.5"); 

     String urlParameters = "client_id=" + CLIENT_ID + "&" + "redirect_uri=" + REDIRECT_URI + "&" 
       + "client_secret=" + SECRET + "&" + "code=" + code + "&" + "grant_type=authorization_code"; 
     logger.info(url + urlParameters); 

     con.setDoOutput(true); 
     DataOutputStream wr = new DataOutputStream(con.getOutputStream()); 
     wr.writeBytes(urlParameters); 
     wr.flush(); 
     wr.close(); 

     int responseCode = con.getResponseCode(); 
     logger.info("REQUEST SENT. Response Code : " + responseCode); 

     BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); 
     String inputLine; 
     StringBuffer response = new StringBuffer(); 

     while ((inputLine = in.readLine()) != null) { 
      response.append(inputLine); 
     } 
     String risposta = response.toString(); 
     JSONParser parser = new JSONParser(); 
     json = (JSONObject) parser.parse(risposta); 
     String token = json.get("access_token").toString(); 

     FileWriter file = new FileWriter(DATA_STORE_DIR); 
     file.write(json.toJSONString()); 

     logger.info("\nTOKEN:\n" + token); 

     file.flush(); 
     file.close(); 
     return new ResponseEntity<JSONObject>(json, HttpStatus.OK); 
    } catch (Exception e) { 
     logger.info("ERRORE: " + e.getMessage()); 
     return new ResponseEntity<JSONObject>(HttpStatus.BAD_REQUEST); 
    } 
} 

我所說的第一個服務，我得到一個代碼，我做的第二服務的重定向，它爲我提供了令牌的JSON，用於所有其他呼叫。至此一切正常。 這個問題是使用離子2.我張貼代碼：

服務：

getAuthOneDrive(){ 
    var url = 'http://localhost:8080/CloudToCloud/onedrive/getAccess'; 
    var response = this.http.get(url).map(res => res.json()); 
    return response; 
} 

組件：

getAuthOneDrive(){ 
    this.cloudServiceAuthentication.getAuthOneDrive().subscribe(
    err => { 
     console.log(err); 
    }, 
    () => console.log('getAuthOneDrive Complete') 
); 
} 

而我代理，我在ionic.config已經配置.json：

{ 
    "name": "C2C", 
    "app_id": "c6203dd8", 
    "v2": true, 
    "typescript": true, 
    "proxies": [ 
    { 
     "path": "/", 
     "proxyUrl": "http://localhost:8080/" 
    } 
    ] 
} 

如果我嘗試調用相同的服務（http://localhost:8080/CloudToCloud/onedrive/getAcces），則從在Ionic2中的應用程序，通過點擊一個按鈕，我得到這個錯誤。

XMLHttpRequest cannot load http://localhost:8080/CloudToCloud/onedrive/getAccess. Redirect from 'http://localhost:8080/CloudToCloud/onedrive/getAccess' to 'https://login.live.com/oauth20_authorize.srf?client_id=ae9573ba-6bc0-4a87-8…ype=code&redirect_uri=http://localhost:8080/CloudToCloud/onedrive/getToken' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access. 

我真的嘗試了一切。如果有人能給我一個幫助，我會很感激。謝謝！ ;）

編輯：

這是我一直試圖做的事： 1加「‘訪問控制允許來源’，‘*’頭，我得到這個錯誤：

XMLHttpRequest cannot load http://localhost:8080/CloudToCloud/onedrive/getAccess. Redirect from 'http://localhost:8080/CloudToCloud/onedrive/getAccess' to 'https://login.live.com/oauth20_authorize.srf?client_id=ae9573ba-6bc0-4a87-8…ype=code&redirect_uri=http://localhost:8080/CloudToCloud/onedrive/getToken' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect. 

2-不要在第一服務使用response.sendRedirect是，但滿足與HttpsURLConnection的或Spring RestTemplate所述請求; 3-試圖直接從離子調用Microsoft服務; 4-使用Spring註解@ CrossOrigin，但我有同樣的錯誤。

Answer 1

我通過修改第一個服務/ getAccess，添加頭部Access-Control-Allow-Origin並使用我的REDIRECT_URI而不再是發出問題的sendRedirect來解決問題。

@CrossOrigin(origins = "*") 
@RequestMapping(value = { "/getAccess" }, method = RequestMethod.GET) 
public void authenticate() throws IOException { 
    try { 
     OneDriveSDK sdk = OneDriveFactory.createOneDriveSDK(CLIENT_ID, SECRET, REDIRECT_URI, 
       OneDriveScope.READWRITE); 
     String url = sdk.getAuthenticationURL(); 
     logger.info(url); 
     openWebpage(url); 
     URL obj = new URL(url); 
     HttpsURLConnection con = (HttpsURLConnection) obj.openConnection(); 
     con.setRequestMethod("GET"); 
     con.setRequestProperty("Access-Control-Allow-Origin", "*"); 
     con.setDoOutput(true); 
     int responseCode = con.getResponseCode(); 
     logger.info("REQUEST SENT. Response Code : " + responseCode); 
    } catch (Exception e) { 
     e.printStackTrace(); 
    } 
} 

Answer 2

出於安全原因，跨瀏覽器請求受瀏覽器限制。請看HTTP access control (CORS)以瞭解其工作原理的詳細解釋。

設置下面的頭應該允許您解決此問題在開發：

Access-Control-Allow-Origin: * 

只要確保你刪除此頭（或者至少限制它超出了「*」）在生產部署。