我是春季靴子的新手。我已经使用oAuth2实现了Spring Security,并从spring Security成功获得了acesstoken。但是当我尝试用#34;授权"头..
config.headers["Authorization"] = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';
我的CORS过滤器为:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RequestFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT,DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
if (request.getMethod()!="OPTIONS") {
chain.doFilter(req, res);
} else {
}
}
@Override
public void destroy() {
}
}
但它仍然给出了CORS问题。
请在我错的地方帮助我。
答案 0 :(得分:2)
问题解决。我发送令牌是错误的方式
config.headers["Authorization"] = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';
正确的方法是:
config.headers.authorization = 'Bearer 0d634d2b-3900-4ca4-a462-cf729e8d0c72';
答案 1 :(得分:0)
尝试像下面这样设置Access-Control-Allow-Headers:
response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Authorization, Content-Type");