Spring security REST API

Question

I'm using Spring Security REST Api with grails and AngularJS. And I tried the url request with postman and it is working fine. It is returning results back with used x-auth-token. But the same i tried with AngularJs but it not going further that OPTION request.

in 1st image here it shows that my request is being processed up to OPTION request only. in 2nd image, shows what I tried in POSTMAN. It gives the results and works fine with x-auth-token. in 3rd image, I have integrated spring security plugin as following. And it is working for "api/login" but further it fails. the 4th image shows the detail response for OPTION request and then it fails to go further.

I have written grunt connect method as following

connect: {
options: {
port: 9000,
// Change this to '0.0.0.0' to access the server from outside.
hostname: 'localhost',
livereload: 35729
},
proxies: [
{
context: '/crm/api',
host: 'localhost',
port: 8080
}
],
livereload: {
options: {
open: true,
base: [
'.tmp',
'<%= yeoman.app %>'
]
}
},
test: {
options: {
port: 9001,
base: [
'.tmp',
'test',
'<%= yeoman.app %>'
]
}
},
dist: {
options: {
base: '<%= yeoman.dist %>'
}
}
}

Still I have the same error.

Answer 1

This is a cross-domain issue.

Your webpage is on localhost:9000 and your backend is localhost:8080 . These are technically 2 different domains, so you will need to either enable cross origin requests, or use a proxy to make requests forward to port 8080 .

It looks like you're using grunt, so I would suggest setting up the proxy. I use grunt-connect-proxy to setup forwarding to my backend port:

connect: {
  options: {
    port: 9000,
    hostname: 'localhost',
    livereload: 35729
  },
  proxies: [
    {
      context: '/crm/api',
      host: 'localhost',
      port: 8080
    }
  ]
}

Answer 2

As explained by agerco , the issue is cross domain issue.

For the solution, refer to this Spring Guide : Enabling Cross Origin Requests for a RESTful Web Service .

As explained in above guide, you'll need to add a Filter bean in your application context.

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;

@Component
public class SimpleCORSFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "localhost:9000"); // Client URL
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
        chain.doFilter(req, res);
    }

    public void init(FilterConfig filterConfig) {}

    public void destroy() {}

}