Tags: reactjs, spring, spring-boot, servlets, spring-security

Spring Boot - React Failed to authorize filter invocation


Hi all, I'm new to Spring Boot and React. I'm working on a simple login app using React JS and Spring Boot. Whenever I try to navigate to a different API call (e.g. logout, welcome) I get the following message: Failed to authorize filter invocation [GET /welcome] with attributes [authenticated]. I think this is something with WebSecurityConfigurerAdapter. I'm looking for a proper solution.

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable().sessionManagement().sessionFixation().migrateSession().and()
            //.addFilterAfter(new AuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).csrf().disable()
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .anyRequest().authenticated()
            .and().formLogin().loginPage("/login").and()
            .logout()
            .logoutUrl("/logout").invalidateHttpSession(true).deleteCookies().clearAuthentication(true)
            .permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/403").and().httpBasic();
}

handleDashboard() {
  axios.get("http://localhost:8080/welcome", { withCredentials: true }).then(res => {
    if (res.data === "success") {
      this.props.history.push("/");
    } else {
      alert("Authentication failure");
    }
  });
}

[Image: WebSecurityConfig log output]


Solution

  • After playing around with Spring Security and Spring Boot I was able to find the root cause and fix it: just enable CORS in the main class file (global CORS configuration) and it will fix the above issue.

    PS: even enabling CORS at the method level was not recognized properly; it needs to be added in the main class.

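    import java.util.Arrays;
    import java.util.Collections;
    import org.springframework.boot.web.servlet.FilterRegistrationBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.core.Ordered;
    import org.springframework.web.cors.CorsConfiguration;
    import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
    import org.springframework.web.filter.CorsFilter;

    // Declared in the main application class (global CORS configuration)
    @Bean
    public FilterRegistrationBean<CorsFilter> simpleCorsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        // Allow cookies, and name the React dev server origin explicitly
        config.setAllowCredentials(true);
        config.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
        config.setAllowedMethods(Collections.singletonList("*"));
        config.setAllowedHeaders(Collections.singletonList("*"));
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
        // Register the CORS filter ahead of every other filter
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }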
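
Added example (not part of the original answer or the asker's project): a model of the check a browser applies to a cross-origin response when the request carries cookies, which is the case the `setAllowCredentials(true)` and explicit `http://localhost:3000` settings above address. It goes beyond the GET in the question by also covering the preflight for a non-simple method; the function names and sample header sets are constructed for illustration.

```javascript
// Added example: the browser-side CORS check (Fetch standard) for a request
// sent with credentials, as axios does with `withCredentials: true`.
// Header names are lower-cased; every sample response here is constructed.
const APP_ORIGIN = "http://localhost:3000"; // origin allowed in the answer's config

// Decide whether the browser lets page script read a cross-origin response.
function corsCheck(requestOrigin, withCredentials, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { ok: false, reason: "missing Access-Control-Allow-Origin" };
  }
  if (!withCredentials && allowOrigin === "*") {
    return { ok: true, reason: "wildcard accepted without credentials" };
  }
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: "Access-Control-Allow-Origin does not match the origin" };
  }
  if (!withCredentials || headers["access-control-allow-credentials"] === "true") {
    return { ok: true, reason: "origin allowed" };
  }
  return { ok: false, reason: "Access-Control-Allow-Credentials is not true" };
}

// Preflight (OPTIONS) result for one method. The preflight itself carries no
// cookies, so a 401 or redirect returned ahead of the CORS headers fails it.
function preflightAllows(requestOrigin, withCredentials, method, status, headers) {
  if (status < 200 || status > 299) return false;
  if (!corsCheck(requestOrigin, withCredentials, headers).ok) return false;
  const allowed = (headers["access-control-allow-methods"] || "")
    .split(",").map((m) => m.trim());
  if (allowed.includes(method) || ["GET", "HEAD", "POST"].includes(method)) return true;
  // "*" is a wildcard only when no credentials are sent.
  return !withCredentials && allowed.includes("*");
}

// Constructed response header sets.
const SAMPLES = {
  explicitOrigin: { "access-control-allow-origin": APP_ORIGIN,
                    "access-control-allow-credentials": "true",
                    "access-control-allow-methods": "DELETE" },
  wildcardOrigin: { "access-control-allow-origin": "*",
                    "access-control-allow-credentials": "true",
                    "access-control-allow-methods": "*" },
  noCorsHeaders: {},
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, corsCheck(APP_ORIGIN, true, headers),
              preflightAllows(APP_ORIGIN, true, "DELETE", 200, headers));
}
```

The wildcard sample fails only when credentials are sent, which is why a permissive `*` origin is not a substitute for listing the front-end origin.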