当我在我的控制器中添加@PreAuthorize("hasRole('ROLE_SUPER_ADMIN'("(并从角度调用时,它不起作用,但当从邮递员调用时它很好。
@GetMapping("/getAllOrgniz")
@PreAuthorize("hasRole('ROLE_SUPER_ADMIN')")
public ResponseEntity<?> allOrganization () {
return organizationService.getAllOrganization();
}
从角度:
getAllOrganizationList ():void {
this.organaigationService.getAll().subscribe(data=>{
this.organizations = data;
});
}
组织服务:
public getAll() {
return this.httpService.getWithToken(this.getAllUrl);
}
HttpService:
getWithToken (url:any): Observable<any> {
let token = this.tokenStoreService.getToken();
console.log(token);
return this.http.get<any>(this.URL+url,this.httpBearerHeader);
}
Spring 启动控制台显示类似
this:com.crm.security.jwt.AuthEntryPointJwt : Unauthorized error: 需要完全身份验证才能访问此资源
角度日志:
core.js:6014 ERROR HttpErrorResponse {headers: HttpHeaders, status: 401, 状态文本: "确定", 网址: "http://localhost:8085/api/organization/getAllOrgniz",好的: 假的,...}headers: HttpHeaders {normalizedNames: Map(0(, lazyUpdate: null, lazyInit: ƒ}status: 401statusText: "OK"url: "http://localhost:8085/api/organization/getAllOrgniz"好: 假名: "HttpErrorResponse"消息:"Http 失败响应 http://localhost:8085/api/organization/getAllOrgniz:401 确定"错误: {时间戳:"2020-06-08T10:14:19.917+00:00",状态:401,错误: "未经授权",跟踪: "org.springframework.security.access.AccessDeniedEx...VA:61(↵ 在 java.lang.Thread.run(Thread.java:748(↵",消息:"错误: 未经授权", ...
在"Bearer"之后添加空格,它应该可以工作:
httpBearerHeader = { headers: new HttpHeaders({ 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + this.tokenStoreService.getToken() }) }