CORS error with OAuth authentication in Spring server

Question

CORS error with OAuth authentication in Spring server

I have a problem with CORS when trying to authenticate with my spring server calling the "oauth / token" endpoint. The server responds with a response 401

XMLHttpRequest cannot load http://localhost:8080/oauth/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access. The response had HTTP status code 401.

This is how I call the server:

  login: function(credentials) { var data = "username=" + encodeURIComponent(credentials.username) + "&password=" + encodeURIComponent(credentials.password) + "&grant_type=password&scope=read%20write&" + "client_secret=mySecretOAuthSecret&client_id=awhyapp"; return $http.post('http://localhost:8080/oauth/token', data, { headers: { "Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json", "Access-Control-Allow-Origin": "*", "Authorization": "Basic " + Base64.encode("awhyapp" + ':' + "mySecretOAuthSecret") } }).success(function (response) { var expiredAt = new Date(); expiredAt.setSeconds(expiredAt.getSeconds() + response.expires_in); response.expires_at = expiredAt.getTime(); localStorageService.set('token', response); return response; });

OauthConfigurations:

  @Override public void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll() .and() .exceptionHandling() .authenticationEntryPoint(authenticationEntryPoint) .and() .logout() .logoutUrl("/api/logout") .logoutSuccessHandler(ajaxLogoutSuccessHandler) .and() .csrf() .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")) .disable() .headers() .frameOptions().disable() .and() .authorizeRequests() .antMatchers("/api/authenticate").permitAll() .antMatchers("/api/register").permitAll() .antMatchers("...").permitAll() } }

i followed the answer in this question ( Add headers for oauth / token (spring-security) answer) , but my problem is that no matter how I configure my Filter class, these functions are never called, even if I set the highest priority using the @Order annotation.

+6

angularjs spring-boot cors oauth jhipster

sangra4l Nov 24 '15 at 17:29

source share

2 answers

bekce · Answer 1 · 2015-11-24T17:40:41+0000

Access-Control-Allow-Origin is redundant upon request. This is the response header.

In the related answer, change the part to: response.setHeader("Access-Control-Allow-Headers", "x-requested-with, Authorization, Accept, Content-Type"); This change lists the valid header values in the request that you send to the server.

I'm not sure about your spring security configuration, but you should basically allow the OPTIONS request for this endpoint to work without authentication.

Good luck.

abhi314 · Answer 2 · 2016-05-17T08:49:35+0000

Cancel cors comment in application.yml

 cors: #By default CORS are not enabled. Uncomment to enable. allowed-origins: "*" allowed-methods: GET, PUT, POST, DELETE, OPTIONS allowed-headers: "*" exposed-headers: allow-credentials: true max-age: 1800

it worked for me when I had the same error

CORS error with OAuth authentication in Spring server

More articles: