
So I have a spring server in which I have implemented the following configuration:

```java
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static String REALM="Authentication";

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {

        auth.inMemoryAuthentication().withUser("cris").password("123").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("felix").password("felix123").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.
                httpBasic().and()
                .authorizeRequests()
                .antMatchers("/user", "/vehicles", "/signin").permitAll()
                .anyRequest().authenticated().and()
                .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }

}
```

I have the following interface

```java
@RequestMapping("logs")
public interface LogController {

    @RequestMapping(value = "", method = RequestMethod.GET)
    ResponseEntity getLogs();
}
```

And its implementation:

```java
@CrossOrigin(origins = "*", exposedHeaders = {"x-auth-token", "x-requested-with"}, allowedHeaders="*", allowCredentials = "true")
@RestController
public class LogControllerImpl implements LogController {

    @Autowired
    LogService logService;

    //Get all logs
    public ResponseEntity getLogs() {

        List<LogEntityDTO> allLogs = logService.getAllLogs();
        if (allLogs == null)
            return ResponseEntity.notFound().build();

        HttpHeaders responseHeaders = new HttpHeaders();
        responseHeaders.set("authenticated", "you");

        return ResponseEntity.ok(allLogs);
    }
}
```

In Angular 2 I make the request as follows:

```typescript
sendAuthentification(credentials: string): Observable {

    var headers = new Headers();

    headers.append('Authorization', 'Basic ' +  btoa('cris:123'));
    headers.append('Content-Type', 'application/x-www-form-urlencoded');
    headers.append('withCredentials', 'true');

    return this.http.get(this.requestService.getPath() + "/logs", {headers});

}
```

The problem is that when I make the request from Angular 2 the response has the following headers (pragma, content-type, cache control, expires):

But in reality the response headers from the server are the following:

The expected behaviour would be for the JSESSIONID and XSRF-TOKEN to be saved automatically in the browser as cookies, but it does not do that.
And the problem is that with Angular 2 I cannot access the Get-Cookie header to try to manually save the cookies.

NOTE: If I try to make the request from the browser directly (without the angular2 app) the browser stores automatically the JSESSIONID and XSRF-TOKEN as cookies.

So is this an Angular 2 problem or a Spring server configuration problem? And how can I get the JSESSIONID and XSRF-TOKEN from Angular 2?

Cristian
  • For one thing `withCredentials` isn't a header, it's a separate part of the [`RequestOptions`](https://angular.io/docs/ts/latest/api/http/index/RequestOptions-class.html). – jonrsharpe Jan 09 '17 at 09:00
  • check http://stackoverflow.com/a/40110692/1134197 – aycanadal Jan 10 '17 at 14:36

0 Answers
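As an added illustration (not part of the question or its comments, and not code from Angular or Spring), the following JavaScript models the browser-side rules behind the comment about `withCredentials`: when Set-Cookie is processed, when a credentialed CORS response is accepted, and which response headers script can read. The function name `evaluateCorsResponse`, the origin and all header values are constructed assumptions.

```javascript
// Added example. Models the checks a browser applies to a cross-origin XHR response.
// All header values are constructed samples, not output from the question's server.
const FORBIDDEN = new Set(['set-cookie', 'set-cookie2']); // never readable by script
const SAFELISTED = new Set(['cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma']); // readable without Expose-Headers
function evaluateCorsResponse(request, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const allowOrigin = h['access-control-allow-origin'];
  const result = {
    readable: false,
    // Set-Cookie is processed only in credentials mode (still subject to cookie policy).
    setCookieProcessed: Boolean(request.withCredentials) && ('set-cookie' in h),
    visibleHeaders: [],
  };
  if (request.withCredentials) {
    // Credentialed: "*" is not accepted and Allow-Credentials must be exactly "true".
    if (allowOrigin !== request.origin) return result;
    if (h['access-control-allow-credentials'] !== 'true') return result;
  } else if (allowOrigin !== '*' && allowOrigin !== request.origin) {
    return result;
  }
  result.readable = true;
  const exposed = (h['access-control-expose-headers'] || '')
    .split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  // "*" in Expose-Headers is a wildcard only for requests without credentials.
  const exposeAll = !request.withCredentials && exposed.includes('*');
  result.visibleHeaders = Object.keys(h)
    .filter((n) => !FORBIDDEN.has(n))
    .filter((n) => exposeAll || SAFELISTED.has(n) || exposed.includes(n))
    .sort();
  return result;
}
const ORIGIN = 'http://localhost:4200'; // assumed origin of the Angular app
const sampleResponse = {
  'Access-Control-Allow-Origin': ORIGIN,
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Expose-Headers': 'x-auth-token, x-requested-with',
  'Set-Cookie': 'JSESSIONID=constructed-value; Path=/; HttpOnly',
  'Content-Type': 'application/json',
  'Cache-Control': 'no-cache', 'Pragma': 'no-cache', 'Expires': '0',
};
// Flag sent as a header: not credentials mode. Flag set as a request option: credentials mode.
const asHeader = evaluateCorsResponse({ origin: ORIGIN, withCredentials: false }, sampleResponse);
const asOption = evaluateCorsResponse({ origin: ORIGIN, withCredentials: true }, sampleResponse);
console.log(asHeader, asOption);
```

In both modes `set-cookie` never appears in `visibleHeaders`, so the session and CSRF cookies reach the cookie jar through the browser, not through script reading the header.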