spring security

0

witam,
konfiguruję spring security. Próbuję połączyć się z apki w angularze i dostaję
screenshot-20180220135242.png

oto kod angularowy

constructor(private http: HttpClient) { }
  public login(email, password) {
    const aUsername = "client";
    const aPassword = "clientpassword";
    const headers: HttpHeaders = new HttpHeaders();
    headers.append("Content-Type", "application/x-www-form-urlencoded");
    headers.append("Authorization", "Basic" + btoa(aUsername + ':' + aPassword));
    const params = { grant_type: "password", username: email, password: password };
    console.log(address + "/oauth/token", params, {headers: headers});
    return this.http.post(address + "/oauth/token", params, {headers: headers});
}

i konfiguracja springowa

@Configuration
@EnableAuthorizationServer
public class Oauth2AuthServerConfig extends AuthorizationServerConfigurerAdapter{

    private AuthenticationManager authenticationManager;
    private DataSource dataSource;

    @Autowired
    public Oauth2AuthServerConfig(AuthenticationManager authenticationManager,
                                  @Qualifier("dataSource") DataSource dataSource) {
        this.dataSource = dataSource;
        this.authenticationManager = authenticationManager;
    }

    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore())
                .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                .secret("clientpassword")
                .scopes("read", "write")
                .authorizedGrantTypes("password","authorization_code", "refresh_token")
                .accessTokenValiditySeconds(3600)
                .refreshTokenValiditySeconds(28*24*3600);
    }

    @Bean public TokenStore tokenStore() { return new JdbcTokenStore(dataSource); }

}
@Configuration
@EnableResourceServer
@EnableWebSecurity
public class Oauth2ResourceServerConfig extends ResourceServerConfigurerAdapter{

    private final DataSource dataSource;

    @Autowired
    public Oauth2ResourceServerConfig(@Qualifier("dataSource") DataSource dataSource) {
        this.dataSource = dataSource;
    }

    @Autowired
    public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery("SELECT email, password, enabled  FROM users WHERE email=?")
                .authoritiesByUsernameQuery("SELECT * FROM users WHERE email=?");
                //.passwordEncoder(passwordEncoder());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/user/new").permitAll()
                .anyRequest().authenticated().and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .csrf().disable();
    }

}
0

Próbowałem skonfigurować cors ale efekt jest dokłądnie ten sam. Nie wiem czy problem leży po stronie ts czy springa.
Próbowałem z


@Component
public class MyConfiguration implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
        response.setHeader("Access-Control-Expose-Headers", "Location");
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) {}

    @Override
    public void destroy() {}

}

a potem z

@Configuration
public class MyConfiguration {

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                super.addCorsMappings(registry);
                registry.addMapping("/**")
                        .allowedOrigins("/**")
                        .allowedMethods(HttpMethod.GET.toString(),
                                HttpMethod.POST.toString(), HttpMethod.PUT.toString())
                        .allowedHeaders("Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method",
                        "Access-Control-Request-Headers","application/x-www-form-urlencoded", "Access-Control-Allow-Origin", "Authorization")
                .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials",
                        "Access-Control-Allow-Methods", "Access-Control-Allow-Headers", "Authorization")
                .allowCredentials(true);
            }
        };
    }

}

natomiast w ts mam

public login(email, password) {
  const params = new URLSearchParams();
  params.append('username', email);
  params.append('password', password);
  params.append('grant_type', 'password');
  //params.append('client', 'clientpassword');
  let headers = new Headers({ 'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'GET, POST, PUT',
  'Access-Control-Allow-Headers': 'X-Requested-With,content-type, Authorization',
  //'Access-Control-Allow-Credentials': true ,
   'Content-type': 'application/x-www-form-urlencoded',
   'Authorization': 'Basic ' + btoa("client:clientpassword")});
  const options = new RequestOptions({ headers: headers });
  console.log('http://localhost:1818/oauth/token', params.toString(), options);
  return this.http.post('http://localhost:1818/oauth/token', params.toString(), options);
}
}

1 użytkowników online, w tym zalogowanych: 0, gości: 1, botów: 0