-2

I am trying to learn Spring security, and I got a problem.

I have a front-end project & a back-end projec.

Front-end project use node.js http-server on localhost:8000

Back-end project use Spring Boot Tomcat on localhost:8090

And I just add spring security to my back-end project.

Now the problem is I login in login.html, and redirect to index.html, but in index.html I want to access resource which in my back-end project, but Spring security always give me 401 error, if I type the url (for instance http://localhost://8090/getName), the browser would alter, and ask me to input username and password. After I finish, I type the other url (http://localhost://8090/getName2), I got the result directively. And it seems I didn't login. What's my problem?

Here is my Spring config:

    @Override
protected void configure(HttpSecurity http) throws Exception{

    http
            .httpBasic()
            .and()
            .authorizeRequests()
            .anyRequest().authenticated()
        ;
}

    @Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
}

and this is my controller

@RequestMapping("/login")
    String login(Principal principal){
        return principal.getName();
    }

and this is my fron-end login page's js,i use angular-js

loginApp.controller('navigation', function($rootScope, $http, $location, $scope, $window) {

$scope.login = function() {
    var h = {authorization : "Basic "+ btoa($scope.credentials.username + ":" + $scope.credentials.password)                };
    $http.get('http://localhost:8090/login/',{headers : h}).then(function(response) {
        onsole.log(response.data);
        $window.location.href='/index.html'; 
    });
};
   });
halfer
  • 19,824
  • 17
  • 99
  • 186
Dade
  • 1
  • Please review [the edit history](https://stackoverflow.com/posts/42699479/revisions) to see how much needed to be edited to make this readable. We do not require people to use perfect English here, but if you like all-lower case posting and txtspk, Stack Overflow probably isn't for you. – halfer Mar 22 '17 at 18:40
  • - - I'm sorry about that.It's because I still don't get used to 'use statckoverfolw'.Thanks for your reminder.I will pay attention to that later. – Dade Mar 27 '17 at 03:46

1 Answers1

0

I got the answer finally. The resource is that after I login using AngularJS, I didn't set the flag withCredentials, so when I need to access resources again, I just $http.get('http://localhost:8090/test__2/',{withCredentials: true}).then and it works.

Thanks to Angularjs $http does not seem to understand "Set-Cookie" in the response.

Community
  • 1
  • 1
Dade
  • 1