angularjs - Can't set Authentication Header with Angular and Spring Security -


i'm having trouble getting angular, cors, springsecurity , basic authentication play nicely. have following angular ajax call i'm trying set header include basic authorization header in request.

var headerobj = {headers: {'authorization': 'basic am9lonnly3jlda=='}}; return $http.get('http://localhost:8080/mysite/login', headerobj).then(function (response) {     return response.data; });

i running angular app on localhost:8888 , backend server on localhost:8080. had add cors filter server side spring mvc. created filter , added web.xml.

web.xml

<filter>     <filter-name>corsfilter</filter-name>     <filter-class>com.abcinsights.controller.simplecorsfilter</filter-class> </filter> <filter-mapping>     <filter-name>corsfilter</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>

corsfilter

public class simplecorsfilter extends onceperrequestfilter {  @override public void dofilterinternal(httpservletrequest req, httpservletresponse res, filterchain chain) throws ioexception, servletexception {     enumeration<string> headernames = req.getheadernames();     while(headernames.hasmoreelements()){         string headername = headernames.nextelement();         system.out.println("headername " + headername);         system.out.println("headerval " + req.getheader(headername));     }                    httpservletresponse response = (httpservletresponse) res;     response.setheader("access-control-allow-origin", "*");      response.setheader("access-control-allow-methods", "post, get, options, delete");     response.setheader("access-control-max-age", "3600");     response.setheader("access-control-allow-headers", "origin, x-requested-with, content-range, content-disposition, content-type, authorization");     chain.dofilter(req, res); }    }

this works fine , when @ header names/values see authorization header basic value , hard coded base64 string.

so tried add springsecurity use authorization header basic authentication. here's web.xml , spring security config spring security added in.

updated web.xml

<listener>     <listener-class>org.springframework.web.context.contextloaderlistener</listener-class> </listener>  <context-param>     <param-name>contextconfiglocation</param-name>     <param-value>/web-inf/config/security-config.xml</param-value> </context-param>  <filter>   <filter-name>springsecurityfilterchain</filter-name>   <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class> </filter>  <filter-mapping>   <filter-name>springsecurityfilterchain</filter-name>   <url-pattern>/*</url-pattern> </filter-mapping>

security-config.xml

<http auto-config="true" use-expressions="false">     <intercept-url pattern="/**" access="role_user" />     <http-basic/>     <custom-filter ref="corshandler" before="security_context_filter"/> </http>  <beans:bean id="corshandler" class="com.abcinsights.controller.simplecorsfilter"/>  <authentication-manager>     <authentication-provider>         <jdbc-user-service data-source-ref="datasource"/>     </authentication-provider> </authentication-manager>

as can see, had add cors filter front of spring security filter chain (i removed web.xml). seems working in sense cors filter still gets called when make request. request coming ajax call no longer has authorization header added in. when remove springsecurity filter chain , put cors filter web.xml authorization header comes back. i'm @ loss wondering if has preflight communication working 1 way when cors filter stand alone in web.xml , way when in spring security filter chain? appreciated.

thanks

the problem angular sending http options request without http authorization header. spring security processing request , sending 401 unauthorized response. angular app getting 401 response spring on options request rather 200 response telling angular go ahead , send post request did have authorization header in it. fix to

a) put corsfilter , springsecurity filter in web.xml (rather having cors filter called within spring). not 100% sure made difference that's final web.xml looked like.

b) added code below link cors filter doesn't delegate springsecurity options request types.

this post got me sorted out: standalone spring oauth2 jwt authorization server + cors

here's code:

web.xml

<display-name>abc insights</display-name> <servlet>     <servlet-name>abcinsightsservlet</servlet-name>     <servlet-class>org.springframework.web.servlet.dispatcherservlet</servlet-class>     <init-param>         <param-name>contextconfiglocation</param-name>         <param-value>/web-inf/config/servlet-config.xml</param-value>     </init-param>  </servlet> <servlet-mapping>     <servlet-name>abcinsightsservlet</servlet-name>     <url-pattern>/</url-pattern> </servlet-mapping>  <!--  stand alone cross origin resource sharing authorization configuration --> <filter>     <filter-name>corsfilter</filter-name>     <filter-class>com.abcinsights.controller.simplecorsfilter</filter-class> </filter> <filter-mapping>     <filter-name>corsfilter</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>        <!--  spring security configuration --> <listener>     <listener-class>org.springframework.web.context.contextloaderlistener</listener-class> </listener> <context-param>     <param-name>contextconfiglocation</param-name>     <param-value>/web-inf/config/security-config.xml</param-value> </context-param>     <filter>     <filter-name>springsecurityfilterchain</filter-name>     <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class> </filter> <filter-mapping>     <filter-name>springsecurityfilterchain</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>

here cors filter:

public class simplecorsfilter extends genericfilterbean {     @override     public void dofilter(servletrequest req, servletresponse res, filterchain chain) throws ioexception, servletexception {         httpservletrequest request = (httpservletrequest) req;         httpservletresponse response = (httpservletresponse) res;                response.setheader("access-control-allow-origin", "*");          response.setheader("access-control-allow-methods", "post, get, options, delete");         response.setheader("access-control-max-age", "3600");         response.setheader("access-control-allow-headers", "origin, x-requested-with, content-range, content-disposition, content-type, authorization, x-csrf-token");            if ("options".equalsignorecase(request.getmethod())) {             response.setstatus(httpservletresponse.sc_ok);         } else {             chain.dofilter(req, res);         }                } }

here angular code:

var login = function (credentials) {     console.log("credentials.email: " + credentials.email);     console.log("credentials.password: " + credentials.password);      var base64credentials = base64.encode(credentials.email + ':' + credentials.password);      var req = {         method: 'get',         url: 'http://localhost:8080/abcinsights/loginpage',         headers: {             'authorization': 'basic ' + base64credentials         }     }      return $http(req).then(function (response) {         return response.data;     });         };

hope helps.


Comments

Post a Comment

Popular posts from this blog

powershell Start-Process exit code -1073741502 when used with Credential from a windows service environment -

i'm running strange behavior powershell start-process call. here call: $process = start-process ` "c:\somepath\mybinary.exe" ` -passthru ` -credential $defaultcredential ` -wait ` -workingdirectory "c:\somepath" ` -loaduserprofile if ($process.exitcode -ne 0) { #do } this call return exit code - 1073741502 . after quick search, exit code seems related generic error when program not load required dll (aka. status_dll_init_failed ). when run without -credential $credential program runs correctly. in order isolate problem, manually launched some.exe in prompt target credential , runs smoothly. so problem seems come way start-process cmdlet launch process. i found potential solutions problem tried apply no luck : link , link . would have idea of what's going on here ? edit 1: run proc mon monitoring program activities when launched directly or via powershell script. problem seems occur when loading kernelbase
Read more

twig - Using Twigbridge in a Laravel 5.1 Package -

i'm trying create laravel 5.1 package uses twigbridge instead of .php views. can normal .php views display fine, when try make use of .twig templates i'm met error. possible use twigbridge templates when creating views laravel package or pretty stuck blade , php ? edit 1: loading twig template without extending works. it's when start using {% extends 'file' %} error comes out. i error error loading /virtual/laravel/packages/username/mypackage/src/views/sample.twig: template "templates.master" not defined () in "/virtual/laravel/packages/username/mypackage/src/views/sample.twig" @ line 1. my folders username |_ mypackage |_ src |_ controllers - samplecontroller.php |_ views |_ templates - master.twig - sample.twig twig template sample.twig {% extends 'templates.master' %} {% block content %} {{ parent()
Read more

c# - LINQ join Entities from HashSet's, Join vs Dictionary vs HashSet performance -

i have hashset's each stores t, have written test application compares different relation algorithms can think of, i'm not pleased results getting. does there exist more efficient ways of achieving object relations, once testing? using system; using system.collections.generic; using system.linq; using system.text; using system.threading.tasks; using system.diagnostics; namespace linqtests { class program { static void main(string[] args) { hashset<user> usertable = new hashset<user>(); hashset<userproperty> userpropertytable = new hashset<userproperty>(); #region lets create dummy data. console.writeline("please wait while creating dummy data, can take while..."); console.writeline(""); int rows = 1000000; for(int x = 0; x < rows; x++) { random rnd = new random(); // ad
Read more