0

我正在尝试通过 JQuery/Ajax 从另一台服务器调用 Java/Spring Web 服务

单击按钮会触发代码:

var request = $.ajax({
                xhrFields: {
                    withCredentials: true
                },
                method: "GET",
                url: "http://<ipOfWebService>/api/myEndPoint/4313991?country=UK",
                dataType: "xml",
                crossDomain: true,
                username: "basicUsername",
                password: "basicPassword",
            })

我已经根据Tomcat 文档配置了 CORS 过滤器,将 domainOfAjaxCall 指定为允许的来源:

  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>ipAddress1,http://dev.ajaxCaller.com</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization</param-value>
    </init-param>
    <init-param>
      <param-name>cors.exposed.headers</param-name>
      <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
      <param-name>cors.support.credentials</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>cors.preflight.maxage</param-name>
      <param-value>10</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

在成功调用 Web 服务之前,系统会提示我输入用户名/密码:

授权请求截图

我见过的大多数线程都建议用 beforeSend 替换用户名和密码,例如

      beforeSend: function(xhr) {
             xhr.setRequestHeader("Authorization", "Basic " + btoa( "basicUsername:basicPassword"))
        },

不幸的是,这会导致错误,尽管配置了 CORS 过滤器:

Failed to load http://<ipOfWebService>/api/myEndPoint/4313991?country=UK: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '<domainOfAjaxCall>' is therefore not allowed access. The response had HTTP status code 401.

我还尝试将 beforeSend 切换为:

headers: {
"Authorization": "Basic " + btoa("basicUsername:basicPassword")

},

结果相同。

我哪里错了?

4

1 回答 1

0

使用 CORS 标头将 OPTIONS 方法添加到您的 Web 服务,并将“Access-Control-Allow-Headers”设置为“授权”。

这应该工作!

为什么?

在跨域请求中使用 Auth 标头时,将首先发送对 OPTIONS 方法的请求。如果 OPTIONS 具有正确的标头,它将继续执行您在请求中的方法。

于 2018-03-28T14:09:29.657 回答