角應用,(在的WebPack開發服務器執行),休息API調用(從角)返回401
這讓REST調用部署在碼頭有Spring應用程序(啓用了春季安全/ BASIC身份驗證) 。
當調用http://localhost:8085/myapi/api/login通過角,響應是:401未經授權 (請求方法是OPTIONS,雖然被指定爲POST)
試過大多數解決方案張貼與此相關的(使能/從角發送CORS標頭,春季安全和web.xml(碼頭)側
需要什麼樣的
錯誤在Chrome:?響應預檢申請未通過訪問控制檢查:沒有「訪問控制允許來源」標頭出現在所請求的資源
角:
let headers = new Headers();
headers.append("Authorization", "Basic " + btoa("test_user:test_user"));
headers.append("X-Requested-With", "XMLHttpRequest");
headers.append("withCredentials", "true");
//headers.append("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT, DELETE");
//headers.append("Access-Control-Allow-Origen", "*");
let options = new RequestOptions({headers: headers});
this.http.post("http://localhost:8085/myapi/api/services/login",
JSON.stringify({}), options);
春季安全
<sec:http auto-config="true" use-expressions="true"
entry-point-ref="authenticationEntryPoint">
<sec:form-login />
<sec:http-basic />
<sec:logout />
<sec:intercept-url pattern="/**" access="permitAll" />
<!-- corsHandler: filter (OncePerRequestFilter) that adds Access-Control-Allow-Origin header -->
<sec:custom-filter ref="corsHandler" position="PRE_AUTH_FILTER"/>
<sec:cors />
</sec:http>
web.xml
<filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>allowedMethods</param-name>
<param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>
</init-param>
<init-param>
<param-name>allowedHeaders</param-name>
<param-value>Origin,Content-Type,Accept,authorization,X-Requested-With</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
的WebPack服務器:
devServer: {
historyApiFallback: true,
stats: 'minimal',
headers: {
'Access-Control-Allow-Origin': '*'
}
}
有過濾器(Servlet過濾器)和Spring攔截設置中添加訪問控制允許,俄頭,但都不執行。