对Spring的Angular登录请求以安全性为基础

Question

I am very new in Spring security. I am confused about the Spring rest security but could not find any full solution. I have following scenario:

1) I have created the angular js service which makes a $http call to the spring rest.

2) I want spring security to intercept this url(/login) and give me response back accordingly.

What I tried if I am accessing the url directly http://localhost:8123/SpringMVC/login then its working fine, it's asking for username and password and after entering the correct user, password I got the result but same thing I am doing from AngularJs; it's giving me the following error

angular.js:10514 OPTIONS http://localhost:8123/SpringMVC/rest/login/ (anonymous function) @ angular.js:10514sendReq @ angular.js:10333serverRequest @ angular.js:10045processQueue @ angular.js:14567(anonymous function) @ angular.js:14583$eval @ angular.js:15846$digest @ angular.js:15657$apply @ angular.js:15951bootstrapApply @ angular.js:1633invoke @ angular.js:4450doBootstrap @ angular.js:1631bootstrap @ angular.js:1651angularInit @ angular.js:1545(anonymous function) @ angular.js:28359trigger @ angular.js:2996eventHandler @ angular.js:3271
localhost/:1 XMLHttpRequest cannot load http://localhost:8111/SpringMVC/rest/categories/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8234' is therefore not allowed access. The response had HTTP status code 401.

Please suggest how to configure the header correctly in fronend as well as backend both angular and rest application are running on different server.

This is in SecurityConfiguration.java

@Override
    protected void configure(HttpSecurity http) throws Exception {
         http
            .httpBasic()
          .and()
            .authorizeRequests()
              .antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
              .anyRequest().authenticated();


    }

This is what I am doing in Entry Point:

@Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
    //prevent default behaviour
        if (request.getMethod().equals("OPTIONS")) {
         response.addHeader("Access-Control-Allow-Origin", "*");
            response.addHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
            response.addHeader("Access-Control-Max-Age", "3600");
            response.addHeader("Access-Control-Allow-Headers",
                    " Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");

        }
        else
        {
            System.out.println("hello from server");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
        }
    }

Answer 1

Try adding-

response.setHeader("Access-Control-Request-Headers", "X-Requested-With, Content-Type, Accept");

Also update

response.addHeader("Access-Control-Allow-Headers",
                    " Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN");

to

response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept,AUTH-TOKEN, Authorization");`