我有一个有角度的客户端，该客户端应该从Oracle Rest Data Service获取数据。 ORDS在正在处理身份验证的tomcat内部运行。

如果我用curl发出请求，它将起作用。我有一个c＃webapi，我写了一个控制器来从ORDS =>获取数据，也可以用。 因此，我的有角客户从c＃webapi => ORDS接收数据，但不直接从ORDS接收数据。

login(username,password) {
    let b64 = btoa(username + ':' + password);
    localStorage.setItem('currentUser',b64);
    let headers = new HttpHeaders();
    headers = headers.append('accept','application/json');
    headers = headers.append('Authorization','Basic ' + b64);
    return this.http.get<any>(`URL to ORDS`,{headers} ).subscribe(result => {
      console.log(JSON.stringify(result));
    });
  }

我的tomcat web.xml：

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
     <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>http://localhost:4200/</param-value>
      </init-param> 
      <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>*</param-value>
      </init-param> 
      <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>*</param-value>
      </init-param> 
      <init-param>
        <param-name>cors..support.credentials</param-name>
        <param-value>true</param-value>
      </init-param> 
      <init-param>
        <param-name>cors..preflight.maxage</param-name>
        <param-value>10</param-value>
      </init-param> 
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

此刻服务器返回

access to XMLHttpRequest at 'URL to ORDS' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'access-control-allow-origin' header is present on the requested resource.