- XMLHttpRequest cannot load http://localhost:8080/login.
- Response to preflight request doesn't pass access control check:
- No 'Access-Control-Allow-Origin' header is present on the requested resource.
- Origin 'http://localhost:3000' is therefore not allowed access.
- The response had HTTP status code 403.
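/**
 * Posts the given credentials to the login endpoint as a form-encoded body.
 *
 * NOTE(review): the HTTP call is asynchronous and the promise object it
 * produces is always truthy, so this method returns `true` before the server
 * has answered and regardless of whether the login succeeded. The declared
 * `boolean` return type is kept so existing callers still compile; a caller
 * that needs the real outcome has to be given the promise instead.
 *
 * @param name     user name, sent as the `username` form field
 * @param password password, sent as the `password` form field
 * @returns always `true` (see note above)
 */
check(name: string, password: string): boolean {
  let headers = new Headers();
  headers.append('Content-Type', 'application/x-www-form-urlencoded');
  // Access-Control-Allow-Origin is a response header that only the server can
  // grant. Sending it on the request makes the browser preflight an otherwise
  // simple form POST and ask the server to approve that header name.

  // The options object was built but never passed to post(). withCredentials is
  // what lets the browser keep the session cookie from a cross-origin response.
  let options = new RequestOptions({headers: headers, withCredentials: true});

  // Encode both fields so '&', '=' or '+' in the input cannot change the shape
  // of the form body (e.g. smuggle an extra parameter).
  const body = `username=${encodeURIComponent(name)}&password=${encodeURIComponent(password)}`;

  const pending = this.http.post(this.baseUrl, body, options)
    .toPromise()
    .then(response => {
      return {};
    });

  if (pending) {
    return true;
  }
  return false;
}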
/**
 * Spring MVC configuration: maps {@code /login} to the {@code login} view and
 * registers a CORS mapping for every path.
 *
 * NOTE(review): SecurityConfig on this page also installs a custom CorsFilter
 * in the security filter chain, so two CORS policies are declared for the same
 * application. Confirm which one is meant to be authoritative.
 */
@Configuration
@EnableWebMvc
class WebConfig extends WebMvcConfigurerAdapter {

    /** Serves the {@code login} view at {@code /login} without a dedicated controller. */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
    }

    /**
     * Declares the cross-origin policy for all paths: an explicit list of two
     * local origins, three HTTP methods, and named request/response headers.
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry
                .addMapping("/**")
                // NOTE(review): "header1".."header3" look like placeholder names.
                // A preflight that asks for any other request header would not
                // match this list. Confirm the header names the client sends.
                .exposedHeaders("header1", "header2")
                .allowedHeaders("header1", "header2", "header3")
                .allowedMethods("PUT", "DELETE", "POST")
                // Explicit origin allowlist: the API itself and the local dev front end.
                .allowedOrigins("http://localhost:8080", "http://localhost:3000");
    }
}
/**
 * Spring Security configuration: form login at {@code /login}, role
 * {@code USER} required for every request, and two in-memory accounts.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private RESTLoginSuccessHandler loginSuccessHandler;

    @Autowired
    private RestLogoutSuccessHandler logoutSuccessHandler;

    /**
     * Registers the in-memory accounts used for authentication.
     *
     * NOTE(review): both accounts carry hard-coded plaintext passwords. Treat
     * them as local demo data only and keep them out of any deployed build.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("rano").password("1234").roles("USER");
        auth.inMemoryAuthentication()
                .withUser("admin").password("admin").roles("USER", "ADMIN");
    }

    /**
     * Builds the HTTP security chain: CSRF off, custom CORS filter first, then
     * authorization, session handling, form login and logout.
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                // NOTE(review): CSRF protection is disabled while the login
                // state lives in a session cookie (formLogin + IF_REQUIRED),
                // so state-changing requests are not protected by a token.
                // Confirm this is intended.
                .csrf().disable()
                // Run the custom CORS filter ahead of the rest of the chain.
                // Presumably this is the class whose doFilter appears further
                // down in this paste.
                .addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class)
                // Every request needs the USER role.
                .authorizeRequests()
                    .anyRequest().hasRole("USER")
                    .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                    .and()
                .formLogin()
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginPage("/login")
                    .successHandler(this.loginSuccessHandler)
                    .permitAll()
                    .and()
                .logout()
                    .logoutSuccessHandler(this.logoutSuccessHandler)
                    .permitAll();
    }
}
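/**
 * Adds CORS response headers for requests coming from an allowed origin and
 * answers preflight ({@code OPTIONS}) requests itself. All other requests
 * continue down the filter chain.
 *
 * <p>The {@code Origin} header is supplied by the caller. Echoing an arbitrary
 * value back together with {@code Access-Control-Allow-Credentials: true}
 * would let any website read responses with the user's session cookie
 * attached, so only origins accepted by {@link #isAllowedOrigin(String)}
 * receive CORS headers.
 *
 * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
 * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
 * @param chain           remaining filter chain, skipped when {@code null}
 * @throws IOException      if writing the preflight response or the chain fails
 * @throws ServletException if the chain fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) servletRequest;
    HttpServletResponse resp = (HttpServletResponse) servletResponse;

    String origin = req.getHeader("Origin");
    if (isAllowedOrigin(origin)) {
        resp.addHeader("Access-Control-Allow-Origin", origin);
        // The header value depends on the request's Origin, so caches must key on it.
        resp.addHeader("Vary", "Origin");

        if ("options".equalsIgnoreCase(req.getMethod())) {
            resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");

            // Mirror what the preflight asked for. A request without these
            // headers is not a real preflight, so skip them rather than
            // writing a null header value.
            String headers = req.getHeader("Access-Control-Request-Headers");
            String method = req.getHeader("Access-Control-Request-Method");
            if (method != null) {
                resp.addHeader("Access-Control-Allow-Methods", method);
            }
            if (headers != null) {
                resp.addHeader("Access-Control-Allow-Headers", headers);
            }
            // Only needed when cookies are to be sent cross-origin.
            resp.addHeader("Access-Control-Allow-Credentials", "true");

            // The preflight is fully answered here; do not continue down the chain.
            resp.getWriter().flush();
            return;
        } else {
            resp.addHeader("Access-Control-Allow-Credentials", "true");
            // NOTE(review): this sets the content type on every non-preflight
            // response to an allowed origin before the chain runs. Confirm
            // that all such responses are JSON.
            resp.setContentType("application/json");
        }
    }

    // Fix ios6 caching post requests
    if ("post".equalsIgnoreCase(req.getMethod())) {
        resp.addHeader("Cache-Control", "no-cache");
    }

    if (chain != null) {
        chain.doFilter(req, resp);
    }
}

/**
 * Returns whether {@code origin} is one of the origins this application
 * trusts for credentialed cross-origin requests. The values mirror the
 * {@code allowedOrigins} list declared in WebConfig.addCorsMappings.
 */
private static boolean isAllowedOrigin(String origin) {
    return "http://localhost:3000".equals(origin)
            || "http://localhost:8080".equals(origin);
}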