我正在为我的项目实现登录功能。在前端,我正在使用Angular 8。
我已经以这种方式实现了,因此Angular 8和Springboot在同一端口8090上运行。
我有路由
const routes: Routes = [
{ path: '', component: EmployeeComponent,canActivate:[AuthGaurdService] },
{ path: 'addemployee', component: AddEmployeeComponent,canActivate:[AuthGaurdService]},
{ path: 'login', component: LoginComponent },
{ path: 'logout', component: LogoutComponent,canActivate:[AuthGaurdService] },
];
Java方面:我已经将其设置为允许所有/ login请求
Web安全配置
@Override
protected void configure(HttpSecurity httpSecurity)
throws Exception
{
// We don't need CSRF for this example
httpSecurity.csrf().disable()
// dont authenticate this particular request
.authorizeRequests().antMatchers("/login").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll().anyRequest().authenticated().and().
// make sure we use stateless session; session won't be used to
// store user's state.
exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// Add a filter to validate the tokens with every request
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
}
但是仍然在调用localhost:8090 / login时,我正面临浏览器
Whitelabel错误页面此应用程序没有针对的明确映射
/错误,因此您将其视为备用。
IST 2020年2月26日星期三14:42:50发生意外错误(type = Not
找到,状态= 404)。无可用讯息
在后端,我面对
2020-02-26 14:30:44.045 WARN 5184 --- [nio-8090-exec-1]
org.freelancing.utils.JwtRequestFilter:JWT令牌未开始
与Bearer String 2020-02-26 14:42:49.945 WARN 5184 ---
[nio-8090-exec-3] org.freelancing.utils.JwtRequestFilter:JWT令牌
不以Bearer String 2020-02-26 14:42:51.287 WARN 5184开头
-[nio-8090-exec-4] org.freelancing.utils.JwtRequestFilter:JWT令牌不是以Bearer String开头
我认为这是要进行的
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain chain)
throws ServletException,
IOException
{
final String requestTokenHeader = request.getHeader("Authorization");
String username = null;
String jwtToken = null;
// JWT Token is in the form "Bearer token". Remove Bearer word and get
// only the Token
if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer "))
{
jwtToken = requestTokenHeader.substring(7);
try
{
username = jwtTokenUtil.getUsernameFromToken(jwtToken);
}
catch (IllegalArgumentException e)
{
System.out.println("Unable to get JWT Token");
}
catch (ExpiredJwtException e)
{
System.out.println("JWT Token has expired");
}
}
else
{
logger.warn("JWT Token does not begin with Bearer String");
}
// Once we get the token validate it.
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null)
{
UserDetails userDetails = this.jwtUserDetailsService.loadUserByUsername(username);
// if token is valid configure Spring Security to manually set
// authentication
if (jwtTokenUtil.validateToken(jwtToken, userDetails))
{
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(userDetails, null,
userDetails.getAuthorities());
usernamePasswordAuthenticationToken
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
// After setting the Authentication in the context, we specify
// that the current user is authenticated. So it passes the
// Spring Security Configurations successfully.
SecurityContextHolder.getContext()
.setAuthentication(usernamePasswordAuthenticationToken);
}
}
chain.doFilter(request, response);
}
我需要的是呈现登录页面,然后获取凭据并创建标题。但是即使点击localhost:8090 / login,它也在上面的代码中要求标题,因为标题为null这就是我得到的错误:
JWT令牌不是以Bearer String开头
LoginComponent
<div class="container">
<div>
User Name : <input type="text" name="username" [(ngModel)]="username">
Password : <input type="password" name="password" [(ngModel)]="password">
</div>
<button (click)=checkLogin() class="btn btn-success">
Login
</button>
</div>
安全知识新手,请帮助
最佳答案
我假设您的角度应用程序在调用时根本不会显示。您不应该尝试在同一台计算机的同一端口上运行两个不同的服务,因为您的浏览器将无法区分应获取请求的服务。
当前,您正在将尚未设置的GET请求发送到您的API(URL:* / login)。因此,您会在错误消息中看到404,但您希望将请求定向到您的角度应用程序以显示您的应用程序(例如登录掩码)。