AngularJS SpringSecurity CORS issue

Question

Я настраиваю модуль «Угловая + весна» для входа и регистрации пользователей. Когда я регистрирую пользователя, все в порядке. Последний шаг после того, как регистр автоматически войти, но у меня эта ошибка:

XMLHttpRequest cannot load http//localhost:8080/com-tesis/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http//localhost:9000' is therefore not allowed access. The response had HTTP status code 401.

В angularJs побочные услуги:

.factory("sessionAccountService", function($http){ 
     var session = {}; 
     session.login = function(data){ 
      return $http.post("http://localhost:8080/com-tesis/login", 
           "username="+data.name+"&password="+data.password, 
           {headers: {"Access-Control-Allow-Headers":"Content-Type"}} 
      ).then(function(data){ 
       alert("loggin correcto"); 
       localStorage.setItem("session",{}); 
      }, function(data){ 
       alert("error login in"); 
      }); 

     }; 
     session.logout = function(){ 
      localStorage.removeItem("session"); 
     }; 
     session.isLoggedIn = function(){ 
      return localStorage.getItem("session") !== null; 
     } 
     return session; 
    }) 
    .factory("accountService", function($resource){ 
     var service = {}; 
     service.register = function(account, success, failure){ 
      var Account = $resource("http://localhost:8080/com-tesis/rest/accounts"); 
      Account.save({},account,success,failure); 
     }; 
     service.userExists = function(account, success, failure){ 
      var Account = $resource("http://localhost:8080/com-tesis/rest/accounts"); 
      var data = Account.get({name:account.name}, function(){ 
       var accounts = data.accounts; 
       if (accounts.length !== 0){ 
        success(accounts[0]); 
       } else { 
        failure(); 
       } 
      }, 
      failure); 
     } 
     return service; 
    }); 

Это CORS фильтр реализован на серверной стороне:

package tesis.core.security; 

import java.io.IOException; 
import javax.servlet.Filter; 
import javax.servlet.FilterChain; 
import javax.servlet.FilterConfig; 
import javax.servlet.ServletException; 
import javax.servlet.ServletRequest; 
import javax.servlet.ServletResponse; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 
import org.springframework.stereotype.Component; 

@Component 
public class SimpleCORSFilter implements Filter { 

    private final Logger log = LoggerFactory.getLogger(SimpleCORSFilter.class); 

    public SimpleCORSFilter() { 
     log.info("SimpleCORSFilter init"); 
    } 

    @Override 
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) 
      throws IOException, ServletException { 

     HttpServletRequest request = (HttpServletRequest) req; 
     HttpServletResponse response = (HttpServletResponse) res; 

     response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin")); 
     response.setHeader("Access-Control-Allow-Credentials", "true"); 
     response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, HEAD"); 
     response.setHeader("Access-Control-Max-Age", "3600"); 
     response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers"); 

     if (request.getMethod().equals("OPTIONS")) { 
      response.setStatus(HttpServletResponse.SC_OK); 
     } else { 
      chain.doFilter(req, res); 
     } 
    } 

    @Override 
    public void init(FilterConfig filterConfig) { 
    } 

    @Override 
    public void destroy() { 
    } 

} 

Этот фильтр на web.xml

<filter> 
     <filter-name>simpleCORSFilter</filter-name> 
     <filter-class> 
      tesis.core.security.SimpleCORSFilter 
     </filter-class> 
    </filter> 
    <filter-mapping> 
     <filter-name>simpleCORSFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

Я смущен, это запросы в сети Chrome: req/res

Я не понимаю, что я делаю неправильно. Спасибо!

EDIT: Когда я отправляю запрос с того же URL-адреса http // localhost: 8080/работает отлично. С HTTP // локальный: 9000 весна всегда возвращают SC_UNAUTHORIZED

Это SecurityConfig

package tesis.core.security; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter{ 

    @Autowired 
    private AuthFailure authFailure; 

    @Autowired 
    private AuthSuccess authSuccess; 

    @Autowired 
    private EntryPointUnauthorizedHandler unauthorizedHandler; 

    @Autowired 
    private UserDetailServiceImpl userDetailService; 

    @Autowired 
    public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception{ 
     builder.userDetailsService(userDetailService); 
    } 


    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
      .csrf().disable() 
      .exceptionHandling() 
       .authenticationEntryPoint(unauthorizedHandler) 
       .and() 
      .formLogin() 
       .successHandler(authSuccess) 
       .failureHandler(authFailure) 
      .and() 
      .authorizeRequests() 
       .antMatchers("/**") 
       .permitAll(); 
    } 
} 

AuthSuccess и AuthFailure класс

package tesis.core.security; 

import java.io.IOException; 

import javax.servlet.ServletException; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 

import org.springframework.security.core.Authentication; 
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; 
import org.springframework.stereotype.Component; 

@Component 
public class AuthSuccess extends SimpleUrlAuthenticationSuccessHandler{ 

    @Override 
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, 
      Authentication authentication) throws IOException, ServletException { 

     response.setStatus(HttpServletResponse.SC_OK); 
    } 

} 

package tesis.core.security; 

import java.io.IOException; 

import javax.servlet.ServletException; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 

import org.springframework.security.core.AuthenticationException; 
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; 
import org.springframework.stereotype.Component; 

@Component 
public class AuthFailure extends SimpleUrlAuthenticationFailureHandler{ 

    @Override 
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, 
      AuthenticationException exception) throws IOException, ServletException { 

     response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); 
    } 
} 

Answer 1

Наконец я смог найти решение. Прежде всего, решить 401 ошибку, я переписан запрос, как он говорит здесь: 401 solution

После этого появилась новая ошибка:

No 'Access-Control-Allow-Origin' header is present on the requested resource Origin is therefore not allowed access.

Затем чтение весна документ я понял, что я должен сказать специально для того, чтобы пружиной использовать этот заголовок. Вот подсказка: Spring Doc: header-static

Итак, это файл SecurityConfig исправлено:

package tesis.core.security; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.web.authentication.AuthenticationFailureHandler; 
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; 
import org.springframework.security.web.header.writers.StaticHeadersWriter; 

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter{ 

    @Autowired 
    private AuthFailure authFailure; 

    @Autowired 
    private AuthSuccess authSuccess; 

    @Autowired 
    private EntryPointUnauthorizedHandler unauthorizedHandler; 

    @Autowired 
    private UserDetailServiceImpl userDetailService; 

    @Autowired 
    public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception{ 
     builder.userDetailsService(userDetailService); 
    } 

    @Bean 
    public AuthenticationFailureHandler authenticationFailureHandler() { 
     return new SimpleUrlAuthenticationFailureHandler(); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
      .csrf().disable() 
      .headers().addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Origin","*")) 
      .and() 
      .exceptionHandling() 
       .authenticationEntryPoint(unauthorizedHandler) 
       .and() 
      .formLogin() 
       .successHandler(authSuccess) 
       .failureHandler(authFailure) 
      .and() 
      .authorizeRequests() 
       .antMatchers("/**") 
       .permitAll(); 
    } 
} 

Спасибо всем.