CORS Setup with pac4j and Spring Boot
163 views
Skip to first unread message
Amrish Bharatiya
Nov 10, 2021, 12:52:18 PM11/10/21
to Pac4j users mailing list
Hi,
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new SecurityInterceptor(config, "CasClient"))
.addPathPatterns("/docs/**");
registry.addInterceptor(new UserProfileInterceptor(userService, profileManager))
.addPathPatterns("/docs/**")
// A higher order than default (0) would ensure
// that this interceptor is executed after the SecurityInterceptor
.order(100);
}
I am trying to setup pac4j (5.0) for my spring boot application to authenticate with CAS. I have an angular application running on a different server accessing my spring boot service.
I have added following CORS config
@Value("${app.web.cors-allowed-origins}")
private String[] origins;
private String[] origins;
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins(origins)
.allowedMethods("*");
}
registry.addMapping("/**")
.allowedOrigins(origins)
.allowedMethods("*");
}
This is the error I am getting when accessing through my angular SPA:
Access to XMLHttpRequest at 'http://localhost:8081/api/docs/6140be1c6e3af51ea8c93a2c' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
CORS request was working fine before adding pac4j to the application.
This is the pac4j config I have in the app
@Configuration
@Slf4j
public class Pac4jConfig {
@Value("${app.sso.cas-login-url}")
private String CAS_LOGIN_URL;
@Value("${app.sso.login-callback-url}")
private String LOGIN_CALLBACK_URL;
@Bean
public Config config() {
final CasConfiguration configuration = new CasConfiguration(CAS_LOGIN_URL);
final CasClient casClient = new CasClient(configuration);
final Clients clients = new Clients(LOGIN_CALLBACK_URL, casClient);
return new Config(clients);
}
}
Access to XMLHttpRequest at 'http://localhost:8081/api/docs/6140be1c6e3af51ea8c93a2c' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
CORS request was working fine before adding pac4j to the application.
This is the pac4j config I have in the app
@Configuration
@Slf4j
public class Pac4jConfig {
@Value("${app.sso.cas-login-url}")
private String CAS_LOGIN_URL;
@Value("${app.sso.login-callback-url}")
private String LOGIN_CALLBACK_URL;
@Bean
public Config config() {
final CasConfiguration configuration = new CasConfiguration(CAS_LOGIN_URL);
final CasClient casClient = new CasClient(configuration);
final Clients clients = new Clients(LOGIN_CALLBACK_URL, casClient);
return new Config(clients);
}
}
And following security configuration for interceptors
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new SecurityInterceptor(config, "CasClient"))
.addPathPatterns("/docs/**");
registry.addInterceptor(new UserProfileInterceptor(userService, profileManager))
.addPathPatterns("/docs/**")
// A higher order than default (0) would ensure
// that this interceptor is executed after the SecurityInterceptor
.order(100);
}
Directly accessing the api endpoints works fine: http://localhost:8081/api/docs/6140be1c6e3af51ea8c93a2c
I went through the pac4j documentation and could not find anything on configuring CORS.
Please let me know how I can resolve this error or if I am missing something.
Thanks,
Amrish
Reply all
Reply to author
Forward
0 new messages