Why I get cors error when submitting a request to secured resource in spring boot?

Question

I have implemented spring security in my app using jwt token, I have the following configuration in spring security:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(        
        prePostEnabled = true)  
public class MSSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;
    
    @Autowired
    private AuthEntryPointJwt unauthorizedHandler;
    
    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        return new AuthTokenFilter();
    }
    
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
    
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
        
    @Override
    public void configure(WebSecurity web) throws Exception {
         web.ignoring().antMatchers("/companies/UnAuth/**");
    }
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()           
            .authorizeRequests()
            .antMatchers("/companies/Auth/**").authenticated()
            .antMatchers("/companies/Auth/Update").authenticated()
            .antMatchers("/companies/Auth/Delete").authenticated();
        
        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }

I have the following cors annotation on the relevant controller:

@CrossOrigin(origins = "http://localhost:4200", maxAge = 3600)
@RestController
@RequestMapping("/companies")
@Slf4j
public class CompanyController {

I tried to add the following to the http interceptor in angular:

authReq.headers.set("Access-Control-Allow-Origin", "http://localhost:4200");
    authReq.headers.set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

When submitting the request from Angular 9 app I can't pass the security and I get cors error:

`Access to XMLHttpRequest at 'http://localhost:9001/companies/Auth/Update' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resourc`e.

Please read about CORS here: https://www.baeldung.com/spring-cors — Simon Martinelli, Jul 27 '21 at 07:12
Does this answer your question? [Spring security CORS Filter](https://stackoverflow.com/questions/40418441/spring-security-cors-filter) — Toerktumlare, Jul 27 '21 at 18:50

score 1 · Accepted Answer · answered Jul 27 '21 at 07:14

The request doesn't contain the 'Access-Control-Allow-Origin' header, you should add it in the headers, it allows remote computers to access the content you send via REST.

If you want to allow all remote hosts to access your api content you should add it like so:

Access-Control-Allow-Origin: *

Your can also specify a specific host:

Access-Control-Allow-Origin: http://example.com

You should modify your dependencies in the pom.xml file and allow CORS headers, appart from the Access-Control-Allow-Origin headers there are a few more that you will need to add to the request, seek more info here:

https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

Why I get cors error when submitting a request to secured resource in spring boot?

1 Answers1