Rest API返回401时CORS错误
我在Spring中有REST API作为后端,Angular 2作为前端。
XMLHttpRequest cannot load http://localhost:8888/emot/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 401.
authenticate(login: string, password: string) {
let headers = this.createBasicHeaders();
this.createAuthorizationHeader(headers, login, password);
const options = new RequestOptions({headers: headers});
console.log(this.http.post(this.restApi + "/emot/login", '{}', options)
.map(this.extractData)
.toPromise()
.catch(this.handleError));
}
createAuthorizationHeader(headers: Headers, login: string, password: string) {
headers.append('Authorization', 'Basic ' +
btoa(login + ':' + password));
}
createBasicHeaders(): Headers {
let headers = new Headers();
headers.append('Content-Type', 'application/json');
// Website you wish to allow to connect
headers.append('Access-Control-Allow-Origin', this.restApi);
// Request methods you wish to allow
headers.append('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
// Request headers you wish to allow
headers.append('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
// Set to true if you need the website to include cookies in the requests sent
// to the API (e.g. in case you use sessions)
headers.append('Access-Control-Allow-Credentials', 'true');
return headers;
}
private extractData(res: Response) {
const body = res.json();
console.log("GOOD");
return body.data || {};
}
private handleError(error: Response | any) {
let errMsg: string;
if (error instanceof Response) {
const body = error.json() || '';
const err = body.error || JSON.stringify(body);
errMsg = `${error.status} - ${error.statusText || ''} ${err}`;
}
else {
errMsg = error.message ? error.message : error.toString();
}
return Observable.throw(errMsg);
}
@RestController
@ComponentScan("xxxx")
@RequestMapping("/xxx")
@CrossOrigin(origins = "*")
public class RootRequestDispatcher {
@Autowired
OperatorFacade operatorFacade;
@RequestMapping(value = "login", method = RequestMethod.POST)
public ResponseEntity<OperatorDTO> logon(Authentication auth) {
System.out.println(auth);
OperatorDTO operator = operatorFacade.findOperatorByLogin(auth.getName());
return new ResponseEntity<OperatorDTO>(operator, HttpStatus.OK);
}
}
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.addHeader(SecurityProperties.HEADER_NAME_REALM, SecurityProperties.HEADER_VALUE_REALM + getRealmName());
authException.printStackTrace();
System.out.println("TESTING ERROR");
ObjectMapper mapper = new ObjectMapper();
PrintWriter writer = response.getWriter();
writer.println(mapper.writeValueAsString(new ExceptionBean(Causes.ANOTHER_CAUSE)));
}
共有1个答案
我找到了解决办法。
对于这个问题,需要重写AccessDeniedHandlerbean。不像我在前一篇文章中做的那样。
public class CustomAccessDeniedHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
AccessDeniedException e) throws IOException,
ServletException {
httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
httpServletResponse.addHeader(SecurityPathProperties.HEADER_NAME_REALM,
SecurityPathProperties.HEADER_VALUE_REALM + SecurityPathProperties.REALM);
ObjectMapper mapper = new ObjectMapper();
PrintWriter writer = httpServletResponse.getWriter();
writer.println(mapper.writeValueAsString(new ExceptionBean(ExceptionCauses.NOT_FOUND_USER)));
}
}
-
我正在尝试使用Tweepy API流,但我一直收到错误401。我在网上寻找线索,我找到的每个线程都说这是因为时区设置。那可能不是我的情况。 在我的方案中,我可以与 Twitter API(verify_credentials)进行通信,但是当我创建 Stream 对象并使用筛选器方法触发它时,我不断收到错误 401。这是我的监听器类: 这是我正在测试的代码: 如您所见,api。verify_cre
-
null 我在SonarQube UI中配置了一个webhook,其URL如下。 http://myjenkins.com:8083/sonarqube-webhook/ 我有一个詹金斯管道文件如下。 所以我现在不知道该去哪里? 任何帮助都将不胜感激!
-
我正在尝试使用Postman应用程序发送EC2 RestAPI(DescribeInstances)。我在AWS的IAM中创建了一个用户。我为该特定用户生成了AccessKeyId和SecretKey,并为用户提供了“AmazonEC2FullAccess”策略(所有EC2访问)。我在Postman中使用了以下步骤来发送ResAPI: > AccessKey=ACCESSKEYEXAMPLE 点击
-
我公开了一个。NET API,运行在IIS服务器上。有一个每晚执行的Windows计划任务。它运行一个cURL请求。当我复制该命令并在cmd窗口中执行它时,它返回401。 我在Postman中尝试了相同的api调用,得到了200。 IIS日志显示: cUrl命令和Postman实例都在服务器上运行。运行API的同一台。我是不是错过了邮递员做的事情,我需要让卷毛做的事情?
-
第一次使用 Twython 并遵循此处文档中的示例。 我要拿回以下东西: 有人能提供一些指导吗? 谢谢你!
-
那还行。然后尝试调用创建用户(或执行其他操作),得到一个401未经授权的错误: 这不是包含令牌的正确方式吗?访问令牌是用于验证其他API调用的令牌吗?管理员帐户的令牌难道不应该用于通过主域对其他客户机的调用进行身份验证吗?是否需要在管理控制台更改主域中的某些设置?任何帮助都很感激。