Meine AngularJS-Anwendung verfügt über eine Schaltfläche zum Anmelden und Abmelden. Der Login-Button funktioniert einwandfrei und auch alle anderen Anfragen, die an mein Backend gesendet werden.Spring Security/Logout funktioniert nicht Cross-Ursprungsanforderungen
Das Problem tritt auf, wenn ich versuche, mich abzumelden.
Ich bekomme folgenden Fehler.
XMLHttpRequest cannot load http://localhost:8081/logout. The request was
redirected to 'http://localhost:8081/login?logout', which is disallowed for
cross-origin requests that require preflight.
Hier ist mein Code:
'use strict';
angular.module('emifEkolFinderApp').controller('logoutController', ['$scope', 'CONFIGURATION', 'AccessToken', '$http', '$location', function ($scope, CONFIGURATION, AccessToken, $http, $location) {
$scope.logout = function() {
var userUrl = 'http://' + CONFIGURATION.OAUTH_SERVER_IP_AND_PORT + '/logout';
var data = AccessToken.set().access_token;
$http.post(userUrl,JSON.stringify("{}")).then(function (successCallback) {
AccessToken.destroy();
console.log("Revokin'");
$location.path("/");
}, function (errorCallback) {
console.log(errorCallback);
});
};
}]);
Frühling Sicherheit config:
@Configuration
public class ServerSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
@Override
protected void configure(final AuthenticationManagerBuilder auth)
throws Exception {
auth.parentAuthenticationManager(authenticationManager).userDetailsService(userDetailsService);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/logout").permitAll()
.anyRequest().authenticated()
.and()
.csrf().disable()
.formLogin()
.loginPage("/login").permitAll()
.and()
.httpBasic()
.and()
.logout()
.permitAll()
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
}
}
mein CORS Filter:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, HEAD");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, cache-control, content-type, Origin, key");
response.setHeader("Content-Type", "*");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
filterChain.doFilter(request, response);
}
}
}
Ich berühre mich wirklich im Dunkeln. Hilfe wäre sehr willkommen.