I have a Spring Boot application where the endpoints are authenticated via Kerberos.

Everything works fine as long as I send the requests from my server as host: https://hostname.domain.com/test sends POST https://hostname.domain.com/endpoint

But when I change the hostname to another one, it stops working.

https://hostname2.domain.com/test sends POST https://hostname.domain.com/endpoint

The client does not send the Authentication header (it tries anonymously), therefore the authentication fails. The user is still on the same machine, just on another host inside the same domain.

I allowed CORS for testing like this, but it didn't solve the problem:

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

        CorsConfiguration configuration = new CorsConfiguration();
        List<String> all = Collections.singletonList("*");
        configuration.setAllowedOrigins(all);
        configuration.setAllowedMethods(all);
        configuration.setAllowedHeaders(all);

        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

For some reason the client ignores WWW-Authenticate: negotiate and does not reply with an Authentication header.

I'm not that much into these network issues, so I might confuse a few things here, but I hope you get the problem.

1 Answer

Found the problem. You need to disable authentication for the OPTIONS method.

See the following questions for additional information:

Authorization header not sent with http request angular 6 with OPTIONS method

Disable Spring Security for OPTIONS Http Method
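
One way to apply the answer's fix, as an added example that is not code from the original question or answer: the CORS preflight (OPTIONS) is exempted from authentication, and the wildcard origin is replaced by the one calling origin with credentials allowed, because browsers refuse a wildcard `Access-Control-Allow-Origin` on credentialed requests. It assumes Spring Security 6.x; the class name and the allowed method and header lists are assumptions, and only the origin `https://hostname2.domain.com` comes from the question.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class PreflightSecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Let Spring's CorsFilter answer preflights using the bean below.
            .cors(Customizer.withDefaults())
            .authorizeHttpRequests(auth -> auth
                // Browsers never attach credentials to a preflight,
                // so OPTIONS must not be challenged with Negotiate.
                .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // Every real request still requires authentication.
                .anyRequest().authenticated());
        // The application's existing Kerberos/SPNEGO filter and entry point
        // stay registered as before (not shown, unchanged by this fix).
        return http.build();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cfg = new CorsConfiguration();
        // Explicit origin instead of "*": required once credentials are allowed.
        cfg.setAllowedOrigins(List.of("https://hostname2.domain.com"));
        cfg.setAllowedMethods(List.of("GET", "POST", "OPTIONS")); // assumed list
        cfg.setAllowedHeaders(List.of("Authorization", "Content-Type")); // assumed list
        // Emits Access-Control-Allow-Credentials: true so the browser may send
        // the Negotiate credentials on the cross-origin request.
        cfg.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", cfg);
        return source;
    }
}
```

The calling page also has to opt in to sending credentials cross-origin (for example `credentials: "include"` with `fetch`, or `withCredentials` on `XMLHttpRequest`), otherwise the browser keeps making the request anonymously.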