0
votes

I have a Spring Boot application that validates authentication against LDAP. I tested it through Postman and it works fine. I have extended WebSecurityConfigurerAdapter to validate the login credentials against LDAP. This is working fine with no issues. I have an Angular front end and I call /login, POSTing the username and password to it. It didn't work and I was getting a CORS error. Then I added the below code into Application.java and I am not seeing a CORS error anymore.

@Bean
public WebMvcConfigurer corsConfigurer()
{
    return new WebMvcConfigurer() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**").allowedMethods("*").allowedOrigins("*");
        }
    };
}

But I am still getting 401 Unauthorized for the /login call, not the CORS error. I am not sure what I am missing here. Can anyone help me with this?

Below is the error I get when I click the Submit button on the login page.


Spring Boot LDAP Authentication

@Configuration
@Order(SecurityProperties.IGNORED_ORDER)
@CrossOrigin(origins = "*")
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().anyRequest().permitAll();
        http.csrf().disable();

        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
        http.formLogin().successHandler(authenticationSuccessHandler);
        http.formLogin().failureHandler(authenticationFailureHandler);
    }

    @SuppressWarnings("deprecation")
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth        
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }

}

And here is my logs:

2019-09-25 17:07:27.781 DEBUG 11908 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/error]
2019-09-25 17:07:27.782 DEBUG 11908 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2019-09-25 17:07:27.788 DEBUG 11908 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)]
2019-09-25 17:07:27.794 DEBUG 11908 --- [nio-8080-exec-4] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Written [{timestamp=Wed Sep 25 17:07:27 PDT 2019, status=401, error=Unauthorized, message=Unauthorized, path=/login}] as "application/json" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@1187c9e8]
2019-09-25 17:07:27.806 DEBUG 11908 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2019-09-25 17:07:27.814 DEBUG 11908 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : Successfully completed request
2019-09-25 17:07:39.720 DEBUG 11908 --- [nio-8080-exec-8] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/error]
2019-09-25 17:07:39.721 DEBUG 11908 --- [nio-8080-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2019-09-25 17:07:39.724 DEBUG 11908 --- [nio-8080-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)]
2019-09-25 17:07:39.734 DEBUG 11908 --- [nio-8080-exec-8] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Written [{timestamp=Wed Sep 25 17:07:39 PDT 2019, status=401, error=Unauthorized, message=Unauthorized, path=/login}] as "application/json" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@1187c9e8]
2019-09-25 17:07:39.735 DEBUG 11908 --- [nio-8080-exec-8] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2019-09-25 17:07:39.744 DEBUG 11908 --- [nio-8080-exec-8] o.s.web.servlet.DispatcherServlet : Successfully completed request

This is how I make a call to the /login service from Angular:

this.http.post("http://localhost:8080/login", data);
1
Your question is about spring security and you have not posted a single line of code of your security configuration. Post your code! - Toerktumlare
@ThomasAndolf updated the code and logs as well - Sree

1 Answer

0
votes

I was able to fix it finally. There were 2 changes that made my code work.

  1. The Angular service call is supposed to look like this:
return this.http.post(url+ "?username=" + data.username + "&password=" + data.password, "")
  2. After the above change, I got the response back from the service, but the browser was still showing the CORS error. Setting Access-Control-Allow-Origin to * in the response header solved the CORS issue.
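
Added example, not part of the original answer or the poster's project: Spring Security's form login reads `username` and `password` as servlet request parameters, so a JSON body is invisible to it, while a query string or a form-encoded body is not. The sketch below compares the three request shapes from this thread against a simplified, constructed model of servlet parameter parsing (`servletParameters` and the sample credentials are assumptions), and shows that the form body also keeps the password out of the URL and survives special characters.

```javascript
// Added example (constructed): simplified model of how a servlet container
// builds request parameters, which is where form login looks for credentials.
function servletParameters(request) {
  const params = new URLSearchParams(new URL(request.url).search);
  const type = (request.headers["Content-Type"] || "").split(";")[0].trim().toLowerCase();
  // Only a form-encoded body contributes parameters; a JSON body does not.
  if (type === "application/x-www-form-urlencoded") {
    for (const [k, v] of new URLSearchParams(request.body)) params.append(k, v);
  }
  return params;
}

// Shape 1: what http.post(url, data) sends for a plain object: a JSON body.
function jsonLogin(url, data) {
  return { url, headers: { "Content-Type": "application/json" }, body: JSON.stringify(data) };
}

// Shape 2: the answer's call, credentials concatenated into the query string.
function queryLogin(url, data) {
  return { url: url + "?username=" + data.username + "&password=" + data.password,
           headers: {}, body: "" };
}

// Shape 3: credentials percent-encoded in a form body, URL left clean.
function formLogin(url, data) {
  const body = new URLSearchParams({ username: data.username, password: data.password });
  return { url, headers: { "Content-Type": "application/x-www-form-urlencoded" },
           body: body.toString() };
}

// What the server-side filter would receive as the "password" parameter.
function seenPassword(request) {
  return servletParameters(request).get("password");
}

// Constructed sample credentials; the password contains '&' and '+'.
const sample = { username: "ben", password: "p&ss+word" };
const LOGIN_URL = "http://localhost:8080/login";

console.log("json :", seenPassword(jsonLogin(LOGIN_URL, sample)));
console.log("query:", seenPassword(queryLogin(LOGIN_URL, sample)));
console.log("form :", seenPassword(formLogin(LOGIN_URL, sample)));
```

In Angular, passing an `HttpParams` instance as the POST body produces the third shape, since `HttpClient` serializes it as `application/x-www-form-urlencoded`.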