Cross-Origin Resource Sharing with Spring Security

Question

I\'m trying to make CORS play nicely with Spring Security but it\'s not complying. I made the changes described in this article and changing this line in applicationCo

Answer 1

Mostly,the OPTIONS request dont carry cookie for the authentication of the spring security.
To resovle that,can modify configuration of spring security to allow OPTIONS request without authentication.
I research a lot and get two solutions:
1.Using Java config with spring security configuration,

@Override
protected void configure(HttpSecurity http) throws Exception
{
    http
    .csrf().disable()
    .authorizeRequests()
    .antMatchers(HttpMethod.OPTIONS,"/path/to/allow").permitAll()//allow CORS option calls
    .antMatchers("/resources/**").permitAll()
    .anyRequest().authenticated()
    .and()
    .formLogin()
    .and()
    .httpBasic();
}

2.Using XML(note. cant not write "POST,GET"):

On the end,there is the source for the solution... :)