Issue
I have created an account with Spring Security. I have tested the functionality with Postman and my frontend, and it works well. Then I try to log in, and every time I am redirected to login; it looks like an authorization problem.
From the frontend I get this error:
Access to XMLHttpRequest at 'http://192.168.43.216:8080/login' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
This is my WebSecurityConfig.java:
```java
package com.pi.MinuteBrico.security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.pi.MinuteBrico.services.AppUserService;

@Configuration
//@AllArgsConstructor
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final AppUserService appUserService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    public WebSecurityConfig(AppUserService appUserService,
                             BCryptPasswordEncoder bCryptPasswordEncoder) {
        super();
        this.appUserService = appUserService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors().and()
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/registration/**"/*,SecurityConstraint.ROLE_ALL_AUTHENTICATED_USE*/)
                .permitAll()
            .anyRequest()
                .authenticated().and()
            .formLogin();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider =
                new DaoAuthenticationProvider();
        provider.setPasswordEncoder(bCryptPasswordEncoder);
        provider.setUserDetailsService(appUserService);
        return provider;
    }
}
```
**This is what happens when I try to test the POST method for login http://localhost:8080/login in Postman**
Solution
The CORS (Cross-Origin Resource Sharing) filter is added to your Spring Security configuration when you add `http.cors()`. This means only same-origin requests will be served. To allow cross-origin requests to be served, you need to add configuration for that. Add the bean below to your SecurityConfiguration. For more details check the link
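```java
import java.util.Arrays;

import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Place this bean inside the security configuration class; http.cors() picks it up.
@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    // Origin must match scheme, host and port of the frontend exactly
    configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000")); //URLs you want to allow
    configuration.setAllowedMethods(Arrays.asList("GET","POST")); //methods you want to allow
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration); // apply to every path
    return source;
}
```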
Answered By - hiren
Answer Checked By - David Goodson (JavaFixing Volunteer)
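
The following is an added example, not code from the question or the answer: it evaluates a CORS policy for a preflight request using Spring's own `CorsConfiguration` checks, so the policy can be verified without starting the server. The class name `CorsPreflightCheck`, the helper names, the `Content-Type` request header and the second origin are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;

import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;

// Added example (hypothetical class): checks a preflight against a CORS policy offline.
public class CorsPreflightCheck {

    // Policy for the frontend origin shown in the browser error message.
    static CorsConfiguration policy() {
        CorsConfiguration c = new CorsConfiguration();
        // Explicit origin: scheme, host and port must match exactly.
        c.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
        c.setAllowedMethods(Arrays.asList("GET", "POST"));
        // Assumption: the frontend sends a Content-Type header that triggers the
        // preflight. With no allowed headers configured, checkHeaders() returns
        // null for any requested header and the preflight is rejected.
        c.setAllowedHeaders(Arrays.asList("Content-Type"));
        return c;
    }

    // A preflight passes only if origin, method and requested headers all pass.
    // Each check returns null when the value is not allowed.
    static boolean preflightAllowed(CorsConfiguration c, String origin,
                                    HttpMethod method, List<String> requestHeaders) {
        return c.checkOrigin(origin) != null
                && c.checkHttpMethod(method) != null
                && c.checkHeaders(requestHeaders) != null;
    }

    public static void main(String[] args) {
        CorsConfiguration c = policy();
        List<String> headers = Arrays.asList("Content-Type");
        // Frontend origin from the error message, POST to /login
        System.out.println(preflightAllowed(c, "http://localhost:3000", HttpMethod.POST, headers));
        // Constructed origin that is not on the allow list
        System.out.println(preflightAllowed(c, "http://other.example:3000", HttpMethod.POST, headers));
        // Method that is not on the allow list
        System.out.println(preflightAllowed(c, "http://localhost:3000", HttpMethod.PUT, headers));
    }
}
```

It needs only `spring-web` on the classpath, which the project already has through Spring Security's web support.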