Hello,
I have a problem to secure my webservice REST.
I have a spring boot application who is a Webservice REST and an angular 2
application who call the webservice.
I'm using the keycloak-spring-security-adapter with this configuration :
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
{
/**
* Registers the KeycloakAuthenticationProvider with the
authentication manager.
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
/**
* Defines the session authentication strategy.
*/
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.authorizeRequests()
.antMatchers("/userFacade*").hasRole("user")
.anyRequest().permitAll();
}
}
And i have configured CORS in the spring boot config like this :
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/userFacade/**")
.allowedMethods("GET", "POST", "PUT",
"DELETE", "OPTIONS")
.allowedOrigins("*").allowedHeaders("Authorization",
"Content-Type",
"X-Requested-With");
}
};
}
The endpoint :
@RestController
@RequestMapping("/userFacade")
public class UserFacade {
@Autowired
private UserService userService;
@RequestMapping(method = RequestMethod.GET, value = "/getAllUsers")
public List<UserDTO> getAllUsers() {
return userService.getAllUsers();
}
}
When i make the call on the frontend, chrome tell me this :
XMLHttpRequest cannot load
http://localhost:8080/userFacade/getAllUsers.
The request was redirected to 'http://localhost:8080/', which is disallowed
for cross-origin requests that require preflight.
My headers on the frontend side :
this.headers.append('Authorization', 'BEARER ' +
localStorage.getItem('token'));
this.headers.append('Content-Type', 'application/json');
this.headers.append('X-Requested-With', 'XMLHttpRequest');
I have tried a lot of things like using the keycloak-spring-boot-adapter
but same kind of error.
Can you help me ?
Thanks,
Best regards,