Untitled

@Component
public final class CustomFilter extends OncePerRequestFilter implements Filter, InitializingBean {

    @Override
    protected final void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers",
                "Content-Type, Accept, X-Requested-With, remember-me, Authorization, x-auth-token");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            filterChain.doFilter(request, response);
        }
    }
}

@Configuration
@EnableResourceServer
@Order(Ordered.HIGHEST_PRECEDENCE)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Autowired
    private CustomFilter customFilter;


    @Override
    public void configure(HttpSecurity http) throws Exception {

        http
                .addFilterBefore(customFilter, BasicAuthenticationFilter.class)
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)

                .and().authorizeRequests()

                .anyRequest().authenticated()

                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .successHandler(successHandler())
                .failureHandler(failHandler)
                .and()

                .logout()
                .permitAll()

                .and().exceptionHandling().authenticationEntryPoint(entryPoint)

//                .and().cors().configurationSource(this.corsConfigurationSource()) - didn't work.
//

                .and().csrf()
                .disable()
        ;
    }

//    @Bean
//    public CorsConfigurationSource corsConfigurationSource() { -- didn't work.
//        CorsConfiguration configuration = new CorsConfiguration();
//        configuration.setAllowedOrigins(Collections.singletonList("*"));
//        configuration.setAllowedMethods(Collections.singletonList("*"));
//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//        source.registerCorsConfiguration("/**", configuration);
//        return source;
//    }

    @Bean
    public FilterRegistrationBean corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }
.......
 }

POST /v1/oauth/token?grant_type=password&username=testuser&password=testpassword HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Content-Length: 52
Accept: application/json, text/plain, */*
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-EN,en;q=0.9,en-US;q=0.8,en;q=0.7

{"timestamp":"2018-07-30T09:07:14.736+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/v1/oauth/token"}

GET /v1/user/0ec9f59c-1fac-4604-8a7b-490488cbce33 HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Accept: application/json, text/plain, */*
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-EN,en;q=0.9,en-US;q=0.8,en;q=0.7

{"timestamp":"2018-07-30T09:07:14.736+0000","status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/v1/users/0ec9f59c-1fac-4604-8a7b-490488cbce33"}