SpringMVC – CORS过滤不适用于’授权’标题
我想在spring mvc app中添加OAuth 2.0。 应该对用户进行身份validation以获得api呼叫。 我在spring mvc控制器中设置了一个标题:
@RequestMapping(value = "/admin-api/get-all-order", method = RequestMethod.GET) public ResponseEntity getAllOrders(@RequestHeader("Authorization") String bearerToken) { try { List order = orderService.getAllOrders(); return new ResponseEntity(order, HttpStatus.OK); } catch (HibernateException e) { return new ResponseEntity(e.getMessage(), HttpStatus.BAD_REQUEST); } }
对于请求api,我使用了角度5.我以角度调用api调用:
return this.http.get(this.getAllOrderUrl, { headers: { "Authorization": "bearer " + JSON.parse(localStorage.getItem("token"))["value"], "Content-type": "application/json" } }).catch(error => { return this.auth.handleError(error); })
但它给了我一个奇怪的错误。
我已经为’localhost:4200’启用了CORS。 CORS过滤在其他请求上工作正常。
@Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; HttpServletRequest request = (HttpServletRequest) req; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Key"); if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { response.setStatus(HttpServletResponse.SC_OK); } else { chain.doFilter(req, res); } }
如果我在邮差中试过,它会给我一个理想的结果。
响应标题
我究竟做错了什么? 请帮帮我。 希望得到积极的回应谢谢!
如果你想在不使用filter或没有配置文件的情况下启用CORS,只需添加即可
@CrossOrigin
到你的控制器顶部,它的工作原理。