0

My controller :

    @CrossOrigin(origins="http://localhost:3000") 
        @RequestMapping(value="", method = RequestMethod.GET)
        public ResponseEntity<List<Client>> getAllClients(/*@RequestParam("page") int page, @RequestParam("size") int size*/) {

            List<Client> clientList = services.getClientsList(/*page,size*/);
            if(clientList != null) {
                return new ResponseEntity<>(clientList, HttpStatus.OK);
            }else{
                return  new ResponseEntity<>(HttpStatus.BAD_REQUEST);
            }
        }

my application.java : showing how I also tried to use bean CorsFilter,I also tried to use @CrossOrigin, but still I cannot win against this evil 401, I do understand why would spring say @CrossOrigin is straight forward when its not even working, whats going on with false information spring framework is giving people, because trully speaking, @CrossOrigin was just suppose to just work straight away, this security feature sucks maaan!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

@SpringBootApplication
@EnableJpaRepositories("com.mycompany.Product.repositories")
public class ProductApplication {

@Bean
public FilterRegistrationBean processCorsFilter(){

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();

config.setAllowCredentials(true);
config.addAllowedOrigin("*");             
config.addAllowedHeader("*");
config.addAllowedMethod("*");

source.registerCorsConfiguration("/**", config);                      
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);

return bean;

}

/*
    @Bean
    CorsConfigurationSource corsConfiguarationSource(){

        CorsConfiguration configurations = new CorsConfiguration();

        configurations.setAllowedOrigins(Arrays.asList("*"));
        configurations.setAllowCredentials(true);
        configurations.setAllowedHeaders(Arrays.asList("Allow-Control-Allow-Headers","Allow-Control-Allow-Origin","Access-Control-Request-Method","Allow-Control-Request-Headers","Origin","Cache-Origin","Content-Type", "Authorization"));
        configurations.setAllowedMethods(Arrays.asList("DELETE","GET","POST","PATCH","PUT"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configurations);
        return  source;
    }
    /*
    @Bean
    public WebMvcConfigurer corsConfigurer(){

        return new WebMvcConfigurerAdapter(){        
            public void addCorsMappings(CorsRegistry registry){
                registry.addMapping("/client").allowedOrigins("http://localhost:3000");
            }
        };
    }*/

Application properties file :

server.port = 8009
spring.datasource.url = jdbc:mysql://localhost:3306/javaumsdb?useSSL=false
spring.datasource.username = root
spring.datasource.password = 
spring.datasource.driver-class-name=com.mysql.jdbc.Driver


spring.jpa.properties.dialect = org.hibernate.dialect.MySQL5Dialect
spring.jpa.hibernate.ddl-auto = none
spring.jpa.show-sql=true
spring.datasource.name=javaumsdb
spring.datasource.validationQuery = SELECT 1
spring.datasource.whileIdle = true
spring.jpa.hibernate.naming-strategy = org.hibernate.cfg.ImprovedNamingStrategy


security.basic.enabled =false
management.security.enabled = false

POM file, perhaps my spring version is not compatible with @CrossOrigin : I really dont understand why this error is NOT going away...

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.springframework</groupId>
    <artifactId>gs-rest-service-cors</artifactId>
    <version>0.1.0</version>

    <name>Product</name>
    <description> project for Spring Boot</description>
        <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
                                <!-- https://mvnrepository.com/artifact/org.springframework/spring-core -->
                <dependency>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-core</artifactId>
                    <version>5.0.8.RELEASE</version>
                </dependency>

                 <dependency>
                       <groupId>com.transactioncompany</groupId>
                       <artifactId>cors-filter</artifactId>
                       <version>2.1.2</version>
                </dependency>
                <dependency>
                       <groupId>com.transactioncompany</groupId>
                       <artifactId>java-property-utils</artifactId>
                       <version>1.9.1</version>
                </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-neo4j</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-rest</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-integration</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-mail</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency> 
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
        </dependency>

        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope>
        </dependency>
                <dependency>
                        <groupId>org.hibernate</groupId>
                        <artifactId>hibernate-entitymanager</artifactId>
                        <version>5.2.3.Final</version>
                </dependency>
                <dependency>
                        <groupId>org.hibernate</groupId>
                        <artifactId>hibernate-core</artifactId>
                        <version>5.2.17.Final</version>
                </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>io.projectreactor</groupId>
            <artifactId>reactor-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
                <dependency>
                        <groupId>org.codehaus.plexus</groupId>
                        <artifactId>plexus</artifactId>
                        <version>3.3.1</version>
                </dependency>
                <!-- https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-utils -->
                <dependency>
                        <groupId>org.codehaus.plexus</groupId>
                        <artifactId>plexus-utils</artifactId>
                        <version>3.1.0</version>
                </dependency>

                <!-- https://mvnrepository.com/artifact/org.codehaus.mojo/exec-maven-plugin -->
                <dependency>
                        <groupId>org.codehaus.mojo</groupId>
                        <artifactId>exec-maven-plugin</artifactId>
                        <version>1.6.0</version>
                </dependency>

               <!-- <dependency>
                    <artifactId>gwt-maven-plugin</artifactId>
                    <groupId>org.codehaus.mojo</groupId>
                    <version>1.3.1</version>
                </dependency> -->
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
                        <plugin>
                                <groupId>org.codehaus.mojo</groupId>
                                <artifactId>exec-maven-plugin</artifactId>
                        </plugin>
        </plugins>
    </build>
</project>
Neo Sono
  • 186
  • 1
  • 4
  • 18
  • A 401 error has absolutely nothing to do with CORS. It just means you're not authenticated, and trying to access a resource that requires you to be. – JB Nizet Jul 29 '18 at 15:41
  • 401 means unauthorized, check for your request headers or authentication mechanizm. – Emre Savcı Jul 29 '18 at 15:43
  • I have been redirected to localhost:8080/login after I logged in using username = user and password = random string generated by spring logs ... i just see the clients infor but nothing happens on my port 3000/angular ... How do i authenticate or bypass this issue ... Thanks for your help in advance. – Neo Sono Jul 29 '18 at 15:44
  • In post man I get 401 and In browser i get 302... ; browser says i have been redirected and there not allowed access to localhost:8009/client – Neo Sono Jul 29 '18 at 15:47
  • I am lost @Emre what do you mean by authentication mechanizm? Am I suppose to be loggen in ussing one of users in my database ? – Neo Sono Jul 29 '18 at 15:51
  • Below is what I get , but what does this means : Cache-Control →no-cache, no-store, max-age=0, must-revalidate Content-Type →application/json;charset=UTF-8 Date →Sun, 29 Jul 2018 15:50:43 GMT Expires →0 Pragma →no-cache Set-Cookie →JSESSIONID=60C799FC3C254D58FEF07525FAEAC823; Path=/; HttpOnly Transfer-Encoding →chunked WWW-Authenticate →Basic realm="Realm" X-Content-Type-Options →nosniff X-Frame-Options →DENY X-XSS-Protection →1; mode=block – Neo Sono Jul 29 '18 at 15:52
  • Did you create a Security configuration file? – Januka samaranyake Jul 29 '18 at 15:52
  • I just googled : security.user.name=user security.basic.enabled=true will this solve my issue ? – Neo Sono Jul 29 '18 at 15:54
  • @NeoSono follow this (https://stackoverflow.com/questions/35600488/how-to-override-spring-security-default-configuration-in-spring-boot) – Januka samaranyake Jul 29 '18 at 15:58
  • Remove the dependencies to plexus-utils, plexus, and exec-maven-plugin (apart from being simply wrong a plugin as dependency) ...remove the execution of exec-maven-plugin cause spring-boot-maven-plugin will handle that... – khmarbaise Jul 29 '18 at 16:04
  • I wasnt aware, app was failling to start until I had to add those... but is it part of the current issue ? – Neo Sono Jul 29 '18 at 16:12
  • @Januka samaranyake can you advice what I need to do, I saw the post about (stackoverflow.com/questions/35600488/…) but nothing changed after I copied the same source code in accepted solution And update urls... – Neo Sono Jul 30 '18 at 08:54
  • How must I authenticate to be able to view data on different server guys, please assist, thanks in advance. – Neo Sono Jul 30 '18 at 09:06
  • Finally a guy come up with a one liner see ... https://stackoverflow.com/questions/36968963/how-to-configure-cors-in-a-spring-boot-spring-security-application/37610988#37610988 – Neo Sono Aug 21 '18 at 09:39

1 Answers1

0

Have you provide implementation for WebMvcConfigurer. please create this configuration class & try.

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

@Override
public void addCorsMappings(CorsRegistry registry) {
   registry.addMapping("/**").allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", 
"PATCH");
  }
}
Priyanthan Thuraisingam
  • 21
  • 1
  • I have done that before, If you check on my application.Java I had tried that and it didnt work... However in post man I was able to get 200OK using get request with basic auth. does this mean I have to send basic auth for every request I make from angular to java, – Neo Sono Jul 31 '18 at 08:22
  • I have added btao headers.Now I am still getting 401 but different mesaage : Failed to load http://localhost:8009/client: Response for preflight has invalid HTTP status code 401... Can anybody explain this part, do I need to ignore Options in my back end or ? I can smell that we are very close to the solution – Neo Sono Jul 31 '18 at 09:08