角应用,(在的WebPack开发服务器执行),休息API调用(从角)返回401
这让REST调用部署在码头有Spring应用程序(启用了春季安全/ BASIC身份验证) 。
当调用http://localhost:8085/myapi/api/login通过角,响应是:401未经授权 (请求方法是OPTIONS,虽然被指定为POST)
试过大多数解决方案张贴与此相关的(使能/从角发送CORS标头,春季安全和web.xml(码头)侧
需要什么样的
错误在Chrome:?响应预检申请未通过访问控制检查:没有“访问控制允许来源”标头出现在所请求的资源
角:
let headers = new Headers();
headers.append("Authorization", "Basic " + btoa("test_user:test_user"));
headers.append("X-Requested-With", "XMLHttpRequest");
headers.append("withCredentials", "true");
//headers.append("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT, DELETE");
//headers.append("Access-Control-Allow-Origen", "*");
let options = new RequestOptions({headers: headers});
this.http.post("http://localhost:8085/myapi/api/services/login",
JSON.stringify({}), options);
春季安全
<sec:http auto-config="true" use-expressions="true"
entry-point-ref="authenticationEntryPoint">
<sec:form-login />
<sec:http-basic />
<sec:logout />
<sec:intercept-url pattern="/**" access="permitAll" />
<!-- corsHandler: filter (OncePerRequestFilter) that adds Access-Control-Allow-Origin header -->
<sec:custom-filter ref="corsHandler" position="PRE_AUTH_FILTER"/>
<sec:cors />
</sec:http>
web.xml
<filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>allowedMethods</param-name>
<param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>
</init-param>
<init-param>
<param-name>allowedHeaders</param-name>
<param-value>Origin,Content-Type,Accept,authorization,X-Requested-With</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
的WebPack服务器:
devServer: {
historyApiFallback: true,
stats: 'minimal',
headers: {
'Access-Control-Allow-Origin': '*'
}
}
有过滤器(Servlet过滤器)和Spring拦截设置中添加访问控制允许,俄头,但都不执行。