Ibrahim Erol
Reputation: 53
Spring Boot Oauth2, "Access-Control-Allow-Origin" Error (Server returns 401)
i have a rest server with oauth2 implemented. POSTMAN works good but our angular2 client wont work because of the following reason on console:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 401.
Have been reading and trying on this problem for some hours long. We have our filter implemented as below:
@Component
public class CORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
And in the Initializer class here how we start it (also tried the commented override method)
public class ZiftInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { ZiftConfiguration.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
/*
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
registerServletFilter(servletContext, new CORSFilter());
super.onStartup(servletContext);
}*/
@Override
protected Filter[] getServletFilters() {
Filter [] singleton = { new CORSFilter()};
return singleton;
}
}
And lastly, here is our class that extends WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery("select username,password, enabled from User where username=?")
.authoritiesByUsernameQuery("select username, role from User_Roles where username=?");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().anonymous().disable().authorizeRequests().antMatchers("/oauth/token").permitAll();
http.authorizeRequests().antMatchers("/oauth/token/").permitAll();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
@Autowired
public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
handler.setTokenStore(tokenStore);
handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
handler.setClientDetailsService(clientDetailsService);
return handler;
}
@Bean
@Autowired
public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
TokenApprovalStore store = new TokenApprovalStore();
store.setTokenStore(tokenStore);
return store;
}
}
What might be the problem? Thank you all even for reading.
Upvotes: 1
Views: 1931
Answers (3)
Ibrahim Erol
Reputation: 53
Here is the logs from catalina.out.For some reason user is set to anonymous.
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.NegatedRequestMatcher - matches = true
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Did not match
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - No matches found
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint - No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@5b00667d
07:24:30.697 [http-nio-8080-exec-5] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
07:25:00.633 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token']
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/oauth/token'; against '/oauth/token'
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - matched
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
07:25:00.634 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@af3e6d
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'GET /logout
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'POST /logout
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'PUT /logout
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'DELETE /logout
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - No matches found
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx.com&password=xx at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
07:25:00.635 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 89.78.223.237; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token?grant_type=password&username=xx&password=xx at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/oauth/token'; against '/oauth/token'
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /oauth/token?grant_type=password&username=xx.com&password=xx; Attributes: [fullyAuthenticated]
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 89.78.223.237; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
07:25:00.636 [http-nio-8080-exec-6] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@27afca98, returned: -1
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:509)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1104)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1524)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1480)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Trying to match using Ant [pattern='/**', GET]
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request 'OPTIONS /oauth/token' doesn't match 'GET /**
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Did not match
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - Request not saved as configured RequestMatcher did not match
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Calling Authentication entry point.
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
07:25:00.637 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint - Trying to match using OrRequestMatcher [requestMatchers=[RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]]]]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.NegatedRequestMatcher - matches = true
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4aef9839, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - httpRequestMediaTypes=[]
07:25:00.638 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.MediaTypeRequestMatcher - Did not match any media types
07:25:00.639 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.AndRequestMatcher - Did not match
07:25:00.639 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.util.matcher.OrRequestMatcher - No matches found
07:25:00.639 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint - No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@5b00667d
07:25:00.639 [http-nio-8080-exec-6] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Upvotes: 0
Ibrahim Erol
Reputation: 53
And here is how we send the post request from angular2
httpPost(uri: string, dataToSent = null, options= {} ){
if(this.token) options['authorization'] = this.token;
let headers = new Headers(options);
let opt = new RequestOptions({ headers: headers});
console.log(headers);
return this.http.post(this.baseUri + uri, dataToSent, opt)
.map((response: Response) => response.json())
.catch(this.handleError);
}
login(user: {email: string, password: string}): boolean{
// TODO contact server to get user here
let url = "oauth/token?grant_type=password&username=x%x&password=x";
let encoded = btoa("x" + ":" + "x");
let options = {
Authorization: "Basic " + encoded,
username: "xx",
password: "xx",
crossDomain: true,
}
console.log("logging");
this.httpService.httpPost(url ,{},options).subscribe(
(response) => {
console.log(response);
this.router.navigate(['/'+ 5, 'admin']);
}
);
/*
Upvotes: 0
Vicky
Reputation: 21
@Order(Ordered.HIGHEST_PRECEDENCE)
Use this annotation in CORSFilter Class level.I have tried it once and now its working fine.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CORSFilter implements Filter {
to do...
}
Upvotes: 1
Related Questions
- Spring boot + oauth2 : Full authentication is required to access this resource
- Spring Boot OAuth2 ResourceServer 401 with PermitAll
- OAuth2 With Spring Boot Unauthorized (401) Response
- Spring OAuth2 Authorization: Access Denied
- Java Spring Security: 401 Unauthorized for token OAuth2 end point
- Spring OAuth 2 Call /oauth/token Resulted in 401 (Unauthorized)
- Spring Boot 2.0.3 Oauth2 Security: Getting 401 error even when using access token in header
- Spring Boot - OAuth2 - All requests are being forbidden
- Spring Security with oAuth2 CORS issue on spring boot
- Unable to authenticate to an oauth2 server with spring oauth