1

I have implemented Filter for CORS in spring boot.The code is as follow:-

@SpringBootApplication
@Component
public class Application implements Filter {
public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
}

@Override
public void init(FilterConfig filterConfig) throws ServletException {

}

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");

    filterChain.doFilter(servletRequest, servletResponse);
}

@Override
public void destroy() {

}
}

To get the access_token from oauth2 I have created following object from angularjs:-

 {"url":"http://localhost:8080/oauth/token?grant_type=client_credentials&client_id=clientId&client_secret=clientSecret","headers":{"Authorization":"Basic token_value"},"withCredentials":true,"method":"POST"}

I am getting following error when I hit the server:-

OPTIONS url... 401() Response for preflight has invalid HTTP status code 401

I have looked for the solutions for similar problems in stack overflow but none of them fixed my problem.Could someone please help on this?

Ramesh Khadka
  • 484
  • 1
  • 7
  • 19
  • I have also tried the solution presented in https://stackoverflow.com/questions/40370022/response-for-preflight-has-invalid-http-status-code-401-spring but it didn't help – Ramesh Khadka Jun 20 '17 at 10:08

2 Answers2

3

Following piece of code solved my problem 

@Bean
public FilterRegistrationBean corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
    bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
    return bean;
}

The code sample is taken from https://github.com/spring-projects/spring-security-oauth/issues/938

Ramesh Khadka
  • 484
  • 1
  • 7
  • 19
0

Please read more about Preflight requests.

They simply suggest the browser if the server supports a cross-origin request. The response to such OPTIONS requests should good (i.e. < 400).

I think the statement filterChain.doFilter(servletRequest, servletResponse); is passing the request further, instead of returning a response.

You can read more about enabling CORS using Spring in Java here Enable CORS for OPTIONS request using Spring Framework

31piy
  • 23,323
  • 6
  • 47
  • 67