我正在尝试创建一个将前端和后端资产分开的应用程序.举个例子,假设前端最终将被托管在gh页面上,而后端将被部署在Heroku上.
我想使用OAuth2.0协议来验证我的客户端,GitHub是我的主要提供商.
作为“概念证明”,我想创建一些利用这种身份验证的虚拟应用程序.以下是代码:
前端(Angular2应用程序) – 在localhost:8080上启动
// template
{{title}}
getServerResponse()
{{response}}
// component
export class AppComponent {
title = 'app works!';
response = 'server response';
constructor(private http: Http) {}
getServerResponse() {
this.http.get('http://localhost:9000/hello')
.subscribe(res => this.response = JSON.stringify(res.json()));
}
}
后端(Java Spring应用程序) – 在localhost:9000上启动
// Application.java
@SpringBootApplication
@EnableOAuth2Sso
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
// HelloController.java
@Controller
public class HelloController {
@RequestMapping("/hello")
public String hello() {
return "Hello!";
}
}
// FilterConfig.java
@Configuration
public class FilterConfig {
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(1);
return bean;
}
}
// resources/config/application.yml
security:
oauth2:
client:
clientId: xxx
clientSecret: yyy
accessTokenUri: https://github.com/login/oauth/access_token
userAuthorizationUri: https://github.com/login/oauth/authorize
clientAuthenticationScheme: form
scope: repo, user, read:org
resource:
userInfoUri: https://api.github.com/user
filter-order: 5
server:
port: 9000
我已经尝试在GitHub上注册localhost:8080和localhost:9000作为OAuth应用程序,但无论何时我尝试单击getServerResponse()按钮,我得到相同的结果:
我想问一下,是否有可能以这种方式分离资产?如果是这样,我在哪里犯错误?
谢谢!