springspring-bootspring-mvcspring-securityspring-data-jpa

Spring Security: when I test the POST method on http://localhost:8080/login, I am redirected back to the same login path


I created an account with Spring Security. I tested that functionality with Postman and with my frontend, and it works well. Then I try to log in, and every time I am redirected to the login page; it looks like an authorization problem.

From the frontend I get this error:

Access to XMLHttpRequest at 'http://192.168.43.216:8080/login' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This is my WebSecurityConfig.java:

    package com.pi.MinuteBrico.security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.pi.MinuteBrico.services.AppUserService;

/**
 * Spring Security configuration: leaves {@code /registration/**} open, requires
 * authentication for every other request, and authenticates users through a
 * {@link DaoAuthenticationProvider} backed by {@link AppUserService} and BCrypt.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final AppUserService appUserService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * @param appUserService        user lookup service handed to the authentication provider
     * @param bCryptPasswordEncoder encoder used to verify submitted passwords
     */
    public WebSecurityConfig(AppUserService appUserService, BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.appUserService = appUserService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    /**
     * Declares the HTTP security rules: CORS handling on, CSRF protection off,
     * registration endpoints public, everything else authenticated, form login enabled.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // cors() only turns CORS processing on. Which origins, methods and headers are accepted
        // comes from a CorsFilter / CorsConfigurationSource bean or from Spring MVC's CORS
        // settings; this class declares none of them.
        http.cors();

        // NOTE(review): CSRF protection is disabled while formLogin() is in use. Form login
        // normally keeps the user logged in through a session cookie, which is the case CSRF
        // tokens protect; confirm this is intentional before exposing the API to browsers.
        http.csrf().disable();

        // Rule order matters: the specific public matcher comes before the catch-all.
        http.authorizeRequests()
                .antMatchers("/registration/**").permitAll()
                .anyRequest().authenticated();

        http.formLogin();
    }

    /** Registers the DAO-based provider as the source of authentication decisions. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    /**
     * Builds the provider that loads users through {@code appUserService} and checks
     * passwords with the injected BCrypt encoder.
     *
     * @return the configured authentication provider
     */
    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(appUserService);
        authProvider.setPasswordEncoder(bCryptPasswordEncoder);
        return authProvider;
    }
}

**This is what happens when I test the POST method for login at http://localhost:8080/login in Postman:**

[![enter image description here][1]][1]



Solution

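  • The CORS (Cross-Origin Resource Sharing) filter is added to your Spring Security configuration when you call http.cors(). Without further configuration, this means only same-origin requests will be served. To have cross-origin requests served, you need to add configuration for them: add the bean below to your security configuration. The allowed origin has to match the browser's Origin header exactly (scheme, host and port), which in the error above is http://localhost:3000. Note that CORS is enforced by the browser, so this addresses the frontend error; the redirect seen in Postman is likely a separate issue. For more details, check the link.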

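    /**
     * Supplies the CORS policy that {@code http.cors()} applies to every path.
     *
     * @return a source that maps {@code /**} to a configuration allowing the frontend origin
     */
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // Origins are compared exactly (scheme, host and port). The frontend in the question is
        // served from http://localhost:3000, so that is the value to allow. Keep this an explicit
        // list of trusted origins rather than a wildcard, especially if cookies are sent.
        configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
        // Only the HTTP methods the frontend actually needs.
        configuration.setAllowedMethods(Arrays.asList("GET", "POST"));
        // NOTE(review): if the frontend sends non-simple request headers (for example a JSON
        // Content-Type), they also have to be allowed via setAllowedHeaders(...), or the
        // preflight will still be rejected. Confirm against the frontend's requests.
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }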