everyone. I'm new to Angular 2 and Spring Framework. I'm trying a simple get request with an authorization header (basic auth).
I'm using Spring Boot (1.2.6.RELEASE), which can also be relevant. My CORS configuration looks like this.
```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
public class SimpleCorsFilter implements Filter {

    private final Logger log = LoggerFactory.getLogger(SimpleCorsFilter.class);

    public SimpleCorsFilter() {
        log.info("SimpleCORSFilter init");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Reflects whatever Origin the client sent and allows credentials for it.
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers",
                "Content-Type, Accept, X-Requested-With, remember-me, authorization, x-auth-token");

        // Every request, including the OPTIONS preflight, continues down the chain.
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }
}
```
And here's what it looks like from the client side
```typescript
  this.headers.append('Authorization', 'Basic dXNlcjphZG1pbg==');
  return this.http
    .get(`http://localhost:8080/api/login?username=${username}`, { headers: this.headers })
    .map(response => response.json().data as any);
}
```
I keep getting:
XMLHttpRequest cannot load http://localhost:8080/api/login?username=user. Response for preflight has invalid HTTP status code 401
Please help, I don't know what I'm missing... I checked around a lot of posts already but couldn't get there...
Avoid filtering and set status 200 when the HTTP method is OPTIONS:
```java
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
    response.setStatus(HttpServletResponse.SC_OK);
} else {
    chain.doFilter(req, res);
}
```
If anyone else runs into a similar situation while working with Spring Boot, Spring Security and clients like Angular 2/4, I've posted the findings here.
For those who are looking for a short answer, you have to configure two things:
With Spring Boot, the recommended way to enable global CORS is to declare it within Spring MVC, combined with fine-grained @CrossOrigin configuration, as:
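```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class CorsConfig {

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                // Global mapping: every path, any origin, any request header.
                registry.addMapping("/**")
                        .allowedMethods("GET", "POST", "PUT", "DELETE")
                        .allowedOrigins("*")
                        .allowedHeaders("*");
            }
        };
    }
}
```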
Then, while working with Spring Security, you have to enable CORS at Spring Security level as well to allow it to leverage the configuration defined at Spring MVC level as:
```java
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and()...
    }
}
```
Cheers!!!
Another option, as in the Spring Security guide:
In the security config class that extends WebSecurityConfigurerAdapter, configure cors():
```java
protected void configure(HttpSecurity http) throws Exception {
    http
        .cors().and() // this will use corsConfigurationSource by default
        // other criteria
        ;
}

// So let's define corsConfigurationSource
@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("http://myufrontend.com"));
    configuration.setAllowedMethods(Arrays.asList("GET", "POST"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source; // the bean method must return the configured source
}
```
This could be very late, but it could solve someone's problem. After long hours I found the answer:
```java
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
    }
}
```
Refer https://stackoverflow.com/a/45830981/3724760