[keycloak-user] Help : Problem with CORS - Spring boot - Angular 2

Cyril Casaucau raiden0610 at gmail.com
Wed Jun 1 02:26:03 EDT 2016 

Hello,
I have a problem to secure my webservice REST.
I have a spring boot application who is a Webservice REST and an angular 2
application who call the webservice.
I'm using the keycloak-spring-security-adapter with this configuration :

@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
{
    /**
     * Registers the KeycloakAuthenticationProvider with the
authentication manager.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    /**
     * Defines the session authentication strategy.
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        super.configure(http);
        http
                .authorizeRequests()
                .antMatchers("/userFacade*").hasRole("user")
                .anyRequest().permitAll();
    }
}

And i have configured CORS in the spring boot config like this :

@Bean
 public WebMvcConfigurer corsConfigurer() {
     return new WebMvcConfigurerAdapter() {
         @Override
         public void addCorsMappings(CorsRegistry registry) {
             registry.addMapping("/userFacade/**")
                     .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")

.allowedOrigins("*").allowedHeaders("Authorization", "Content-Type",
"X-Requested-With");
         }
     };
 }

The endpoint :

@RestController
@RequestMapping("/userFacade")
public class UserFacade {

    @Autowired
    private UserService userService;

    @RequestMapping(method = RequestMethod.GET, value = "/getAllUsers")
    public List<UserDTO> getAllUsers() {
        return userService.getAllUsers();
    }
}

When i make the call on the frontend, chrome tell me this :

XMLHttpRequest cannot load http://localhost:8080/userFacade/getAllUsers.
The request was redirected to 'http://localhost:8080/', which is disallowed
for cross-origin requests that require preflight.

My headers on the frontend side :
this.headers.append('Authorization', 'BEARER ' +
localStorage.getItem('token'));
    this.headers.append('Content-Type', 'application/json');
    this.headers.append('X-Requested-With', 'XMLHttpRequest');

I have tried a lot of things like using the keycloak-spring-boot-adapter
but same kind of error.

Can you help me ?

Thanks,

Best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160601/45ef5990/attachment-0001.html

More information about the keycloak-user mailing list