首页 \ 问答 \ OAuth2 - 检索TOKEN时OPTIONS请求的状态401(OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN)

OAuth2 - 检索TOKEN时OPTIONS请求的状态401(OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN)

 我们的堆栈使用Backbone作为客户端应用程序,Spring Boot作为RESTful API。 
 

 我们正在尝试使用OAuth2进行基本身份验证,用户提供用户名和密码。 
 

 我们使用Spring Security进行身份验证,使用jQuery $ .ajax方法进行请求。 然而,我们得到的响应是在预检OPTIONS请求上的401(未授权)状态,然后我们甚至可以使用我们的秘密进行POST授权。 但是我们可以毫无问题地发布或获取任何其他资源。 OPTIONS请求的服务器响应是200(ok),然后它跟进POST请求。 
 

 那么为什么来自/ oauth / token响应的OPTIONS请求具有401状态,即使它不应该? 它不会让我们自己授权,因为它会停留在我们无法添加授权标头的OPTIONS请求中。 
 

 这就是我们处理前端请求的方式: 
 

                $.ajax({
                url: "http://localhost:8080/oauth/token",
                type: "POST",
                beforeSend: function(xhr) { 
                    xhr.setRequestHeader("Authorization", "Basic Y2xpZW50YXBwOjEyMzQ1Ng==");
                },
                data: {
                    password: "qwerty",
                    username: "jkowalski",
                    grant_type: "password"
                }
            });

 

 这是我们的OAuth2配置: 
 

@Configuration
public class OAuth2ServerConfiguration {

private static final String RESOURCE_ID = "restservice";

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
        ResourceServerConfigurerAdapter {

    [...]

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();

        http
        .authorizeRequests()
            .anyRequest().permitAll();
    }

}

[...]

@Configuration
@EnableAuthorizationServer
protected static class OAuth2AuthorizationConfig extends
        AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // @formatter:off
        clients
            .inMemory()
                .withClient("clientapp")
                    .authorizedGrantTypes("password", "refresh_token")
                    .authorities("USER","ADMIN")
                    .scopes("read", "write")
                    .resourceIds(RESOURCE_ID)
                    .secret("123456");
        // @formatter:on
    }

[...]
}


Our stack uses Backbone as our client-side app and Spring Boot as a RESTful API.
 

We're trying to make basic authentication using OAuth2 with user providing username and password.
 

We use Spring Security for authentication and jQuery $.ajax method for making requests. However the response we get is 401(unauthorized) status on preflight OPTIONS request before we can even POST header with our secret to authorize. However we can POST or GET any other resource without any problems. Server response for OPTIONS request is 200(ok) and then it follows up with POST request.
 

So why is that an OPTIONS request from /oauth/token responses with 401 status even when it shouldn't? It won't let us authorize ourselves because it get's stuck at OPTIONS request in which we can't add authorization header.
 

This is how we handle requests on front-end:
 

                $.ajax({
                url: "http://localhost:8080/oauth/token",
                type: "POST",
                beforeSend: function(xhr) { 
                    xhr.setRequestHeader("Authorization", "Basic Y2xpZW50YXBwOjEyMzQ1Ng==");
                },
                data: {
                    password: "qwerty",
                    username: "jkowalski",
                    grant_type: "password"
                }
            });

 

This is our OAuth2 config:
 

@Configuration
public class OAuth2ServerConfiguration {

private static final String RESOURCE_ID = "restservice";

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
        ResourceServerConfigurerAdapter {

    [...]

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();

        http
        .authorizeRequests()
            .anyRequest().permitAll();
    }

}

[...]

@Configuration
@EnableAuthorizationServer
protected static class OAuth2AuthorizationConfig extends
        AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // @formatter:off
        clients
            .inMemory()
                .withClient("clientapp")
                    .authorizedGrantTypes("password", "refresh_token")
                    .authorities("USER","ADMIN")
                    .scopes("read", "write")
                    .resourceIds(RESOURCE_ID)
                    .secret("123456");
        // @formatter:on
    }

[...]
}


原文:https://stackoverflow.com/questions/30622624
更新时间:2022-05-28 19:05

最满意答案

 您可以检查您的搜索控制器是否处于活动状态(我假设您在视图控制器中有对您的搜索控制器的引用)。 
 

 将其添加到prepareForDelete的开头: 
 

guard !searchController.active else { return }

 

 该代码检查搜索控制器是否未激活,但如果是,则不执行任何代码。 

You can check if your search controller is active (I'm assuming you have a reference to your search controller in the view controller).
 

Add this to the beginning of prepareForDelete:
 

guard !searchController.active else { return }

 

That code checks if the search controller is not active, but if it is, it doesn't execute any code.

相关问答

更多

相关文章

更多
  • http status 汇总
  • 微信开发关注回复 oauth2(1)
  • ACCESS TOKEN
  • 微信开发者-主动请求-实际开发-(5)验证TOKEN(java)
  • JAVA折腾微信公众平台(Token验证)[转]
  • 微信开发者-主动请求-实际开发-(5)验证TOKEN(C#)
  • .net 微信Token验证
  • .net 微信Token验证
  • 微信TOKEN验证源码
  • 顶 微信API access_token 验证 weixin_authorize

    • 最新问答

    更多
  • 您如何使用git diff文件,并将其应用于同一存储库的副本的本地分支?(How do you take a git diff file, and apply it to a local branch that is a copy of the same repository?)
  • 将长浮点值剪切为2个小数点并复制到字符数组(Cut Long Float Value to 2 decimal points and copy to Character Array)
  • OctoberCMS侧边栏不呈现(OctoberCMS Sidebar not rendering)
  • 页面加载后对象是否有资格进行垃圾回收?(Are objects eligible for garbage collection after the page loads?)
  • codeigniter中的语言不能按预期工作(language in codeigniter doesn' t work as expected)
  • 在计算机拍照在哪里进入
  • 使用cin.get()从c ++中的输入流中丢弃不需要的字符(Using cin.get() to discard unwanted characters from the input stream in c++)
  • No for循环将在for循环中运行。(No for loop will run inside for loop. Testing for primes)
  • 单页应用程序:页面重新加载(Single Page Application: page reload)
  • 在循环中选择具有相似模式的列名称(Selecting Column Name With Similar Pattern in a Loop)
  • System.StackOverflow错误(System.StackOverflow error)
  • KnockoutJS未在嵌套模板上应用beforeRemove和afterAdd(KnockoutJS not applying beforeRemove and afterAdd on nested templates)
  • 散列包括方法和/或嵌套属性(Hash include methods and/or nested attributes)
  • android - 如何避免使用Samsung RFS文件系统延迟/冻结?(android - how to avoid lag/freezes with Samsung RFS filesystem?)
  • TensorFlow:基于索引列表创建新张量(TensorFlow: Create a new tensor based on list of indices)
  • 企业安全培训的各项内容
  • 错误:RPC失败;(error: RPC failed; curl transfer closed with outstanding read data remaining)
  • C#类名中允许哪些字符?(What characters are allowed in C# class name?)
  • NumPy:将int64值存储在np.array中并使用dtype float64并将其转换回整数是否安全?(NumPy: Is it safe to store an int64 value in an np.array with dtype float64 and later convert it back to integer?)
  • 注销后如何隐藏导航portlet?(How to hide navigation portlet after logout?)
  • 将多个行和可变行移动到列(moving multiple and variable rows to columns)
  • 提交表单时忽略基础href,而不使用Javascript(ignore base href when submitting form, without using Javascript)
  • 对setOnInfoWindowClickListener的意图(Intent on setOnInfoWindowClickListener)
  • Angular $资源不会改变方法(Angular $resource doesn't change method)
  • 在Angular 5中不是一个函数(is not a function in Angular 5)
  • 如何配置Composite C1以将.m和桌面作为同一站点提供服务(How to configure Composite C1 to serve .m and desktop as the same site)
  • 不适用:悬停在悬停时:在元素之前[复制](Don't apply :hover when hovering on :before element [duplicate])
  • 常见的python rpc和cli接口(Common python rpc and cli interface)
  • Mysql DB单个字段匹配多个其他字段(Mysql DB single field matching to multiple other fields)
  • 产品页面上的Magento Up出售对齐问题(Magento Up sell alignment issue on the products page)

    • Copyright ©2023 peixunduo.com All Rights Reserved.粤ICP备14003112号

    本站部分内容来源于互联网,仅供学习和参考使用,请莫用于商业用途。如有侵犯你的版权,请联系我们(neng862121861#163.com),本站将尽快处理。谢谢合作!