2個獨立的springBoot項目突然有了關聯,要A向B同步數據,但是使用httpClient工具訪問一直是403拒絕訪問,開始時候以為token拼接到路徑里就可以呢,結果當然不行,然后放到請求頭里,httpPost.addHeader("token", token); 結果還是403,最后找到后台token校驗的代碼,發現了原因
public static String resolveToken(HttpServletRequest request) { String bearerToken = request.getHeader("Authorization"); if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) { return bearerToken.substring(7); } else { Cookie[] cookies = request.getCookies(); return cookies == null ? null : (String)Arrays.stream(cookies).filter((cookie) -> { return Objects.equals(cookie.getName(), "access-token"); }).findFirst().map(Cookie::getValue).orElse((Object)null); } }
代碼里對token進行了2種判斷,第一個是判斷是否postman等工具發送的請求,postman請求會默認在token拼接"Bearer "
Bearer eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiI0MGZjZGRlMDVhNWU0YjExYTQ1OTE4ODJmYzU5OWYzNiIsInN1YiI6ImFkbWluIiwiaWQiOiIxMTIzNTk4ODIxNzM4Njc1MjAxIiwicm9sZXMiOiJzdXBlcmFkbWluIiwiZ3JvdXBzIjoic3VwZXJhZG1pbiIsImV4cCI6MTY0MDc2MDAyNH0.BhotiZOY5fz_AVXdQZ27e_KKXzmtpL4rCtTDuBwbX8qu1O-MgDPGc-kYslzKyDAc9kas7VNx7iED8k4MBZpRAQ
第二種是瀏覽器等請求從cookie里取出token,然后在對token進行校驗