1

I have probem with Spring Boot and Cors After some searches I was able to find solutions (Spring Data Rest and Cors and How to configure CORS in a Spring Boot + Spring Security application?) which I tried but which does not solve my problem. My code for the Authentication with JWT

 public class AuthenticationFilter extends AbstractAuthenticationProcessingFilter
{
private final Logger log  =  LoggerFactory.getLogger(AuthenticationFilter.class);
private final String tokenHeader = "Authorization";
private final TokenUtils tokenUtils = new TokenUtils();

public AuthenticationFilter()
{
    super("/api/v1/**");
    tokenUtils.expiration = 86400;
    tokenUtils.secret = "papipapo123popo";
}

@Override
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException
{
    String header = httpServletRequest.getHeader(tokenHeader);
    if(header == null || !header.startsWith("Bearer "))
    {
        log.error("Not found JWT token in request headers","Not found header Authorization");
        throw new JwtTokenMissingException("No JWT token found in request headers");
    }
    String token = header.substring(7);
    JwtAuthentication jwtAuthentication = new JwtAuthentication(token);
    boolean isValid = tokenUtils.validateToken(token);
    if(!isValid)
    {
        log.error("JWT token is expired",token);
        throw new JwtTokenExpired("JWT token is expired");
    }
    return this.getAuthenticationManager().authenticate(jwtAuthentication);
}

@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException
{
    super.successfulAuthentication(request, response, chain, authResult);
    String token = ((JwtAuthentication)authResult).getToken();
    log.info("Token is authenticated : ",token);
    chain.doFilter(request, response);
}

   @Override
   protected AuthenticationManager getAuthenticationManager()
  {
    return authentication -> (JwtAuthentication) authentication;
  }
}

My code for Configuration security

@Configuration
@EnableWebSecurity
@EnableAutoConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter
{

@Inject
private EntryPointUnauthorizedHandler entryPointUnauthorizedHandler;

@Inject
private JwtAuthenticationProvider jwtAuthenticationProvider;


@Bean
@Override
public AuthenticationManager authenticationManager() throws Exception
{
    return new ProviderManager(Arrays.asList(jwtAuthenticationProvider));
}

@Bean
public AuthenticationFilter authenticationFilter() throws Exception
{
    AuthenticationFilter authenticationFilter = new AuthenticationFilter();
    authenticationFilter.setAuthenticationManager(authenticationManager());
    authenticationFilter.setAuthenticationSuccessHandler(new EntryPointSuccessHandler());
    return authenticationFilter;
}

@Bean
public FilterRegistrationBean corsFilter()
{
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    config.addAllowedOrigin("*");
    source.registerCorsConfiguration("/**",config);
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(new CorsFilter(source));
    filterRegistrationBean.setOrder(0);
    return filterRegistrationBean;
}

@Override
protected void configure(HttpSecurity http) throws Exception
{
    http
        .csrf()
            .disable()
        .exceptionHandling()
            .authenticationEntryPoint(entryPointUnauthorizedHandler)
        .and()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .antMatchers(HttpMethod.POST,"/api/auth").permitAll()
            .anyRequest().authenticated();

    http.addFilterBefore(authenticationFilter(),UsernamePasswordAuthenticationFilter.class);
    http.headers().cacheControl();
}
}

I always receive an error 401 refused accesse. I am a beginner in Spring-Boot. You can help me.

Community
  • 1
  • 1
Christian Amani
  • 370
  • 1
  • 5
  • 14

3 Answers3

0

I solved my problem by adding a Class which implements Filter.

@Component
public class CorsConfig implements Filter
{

@Override
public void init(FilterConfig filterConfig) throws ServletException
{}

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    String method = request.getMethod();
    if(method.equals("OPTIONS") || method.equals("options"))
    {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
        response.setStatus(200);
        filterChain.doFilter(servletRequest, servletResponse);
    }
    else
    {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
        filterChain.doFilter(servletRequest, servletResponse);
    }
}

@Override
public void destroy()
{}

}
Christian Amani
  • 370
  • 1
  • 5
  • 14
0

First class:

 @Configuration
public class MyConfiguration {
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**");
            }
        };
    }
}

Second class:

@EnableWebSecurity
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**").authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .anyRequest().fullyAuthenticated().and().httpBasic().and().csrf().disable();
    }
}

And be happy my friend

Raul Villalba
  • 11
  • 4
0

1: Create a class WebMvcConfig extends WebMvcConfiguration and override addCorsMappings method.

2: Don't forget to make it @Configuration annotation

 @Configuration
public class WebMvcCofig implements WebMvcConfigurer{
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/*")
                .allowedOrigins("*")
                .allowedMethods("*")
                .allowedHeaders("*")
                .allowCredentials(true);
    }
}
A.K.J.94
  • 492
  • 6
  • 14