Cors não passa em um sistema, mas passa em outro - resolvido

No postman, esta requisição funciona. No sistema angular não.
http://localhost:8102/modulo-usuario-permissao-api/oauth/token?grant_type=password&username=guilherme@netsoft.eti.br&password=123

JAVA

import static org.springframework.core.Ordered.HIGHEST_PRECEDENCE;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import lombok.extern.apachecommons.CommonsLog;

@Component
@Order(HIGHEST_PRECEDENCE)
@CommonsLog
public class SmpleCORSFilter implements Filter {

	@Value("${origens-permitidas}")
	private String[] origensPermitidas;

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		log.info("Sistema de usuarios | SmpleCORSFilter inocio");
	}

	@Override
	public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
			throws IOException, ServletException {
		HttpServletResponse response = (HttpServletResponse) resp;
		response.setHeader("Access-Control-Allow-Origin", "*");
		response.setHeader("Access-Control-Allow-Methods", "*");
		response.setHeader("Access-Control-Max-Age", "3600");
		response.setHeader("Access-Control-Allow-Headers", "*");
		chain.doFilter(req, resp);
	}

	@Override
	public void destroy() {
	}
}

Angular

login(credentials: any): Observable<void> {
    const logar =
      '?grant_type=password&username=' +
      credentials.login +
      '&password=' +
      encodeURIComponent(credentials.senha);
    const headers = {
      Authorization: 'Basic ' + btoa('123' + ':' + 'teste'),
    };
    return this.http
      .post<any>(environment.AUTH + OAUTH + TOKEN + logar, {}, { headers })
      .pipe(map((response: any) => this.authenticateSuccess(response, true)));
  }
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

import br.com.ghnetsoft.apifinanceiro.usuariopermissao.service.MyUserDetailsService;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

	private TokenStore tokenStore = new InMemoryTokenStore();

	@Autowired
	@Qualifier("authenticationManagerBean")
	private AuthenticationManager authenticationManager;

	@Autowired
	private MyUserDetailsService userDetailsService;

	@Autowired
	private PasswordEncoder passwordEncoder;

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints.tokenStore(tokenStore).authenticationManager(authenticationManager)
				.userDetailsService(userDetailsService);
	}

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		String senha = passwordEncoder
.encode("YXBpZmluYW5jZWlybzIwMjAlICsgYXBpLWZpbmFuY2Vpcm8gKyBOZXRzb2Z0ICsgR0ggU0lTVEVNQVM=");
		clients.inMemory()
.withClient("TmV0c29mdCArIEdIIFNJU1RFTUFTICsgYXBpLWZpbmFuY2Vpcm8gKyBhcGlmaW5hbmNlaXJvMjAyMCU=")
				.authorizedGrantTypes("password", "authorization_code", "refresh_token").scopes("bar", "read", "write")
.refreshTokenValiditySeconds(86400).accessTokenValiditySeconds(86400).resourceIds("restservice")
				.secret(senha);
	}

	@Bean
	@Primary
	public DefaultTokenServices tokenServices() {
		DefaultTokenServices tokenServices = new DefaultTokenServices();
		tokenServices.setSupportRefreshToken(true);
		tokenServices.setTokenStore(tokenStore);
		return tokenServices;
	}

	@Override
	public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.allowFormAuthenticationForClients().tokenKeyAccess("permitAll()").checkTokenAccess("permitAll()");
	}
}
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import br.com.ghnetsoft.apifinanceiro.usuariopermissao.service.MyUserDetailsService;

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Autowired
	private MyUserDetailsService userDetailsService;
	
	@Override
	protected void configure(HttpSecurity httpSecurity) throws Exception {
		httpSecurity.authorizeRequests().antMatchers("/").authenticated().and().authorizeRequests()
				.antMatchers("/h2/**").permitAll();
		httpSecurity.csrf().disable();
		httpSecurity.headers().frameOptions().disable();
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		super.configure(auth);
		auth.userDetailsService(userDetailsService);
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers("/**.html", "/publico/**", "/v2/api-docs", "/webjars/**", "/configuration/**",
				"/swagger-resources/**");
	}

	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
}

Tenho um outro sistema que utiliza a mesma forma de logar e funciona.

O que pode ser ?

Isso pq no postman voce está acessando direto o servidor do backend. Já nesse angular tem essa complicação e overhead de passar antes pelo servidor onde ta a aplicação angular e lá fazer o proxy reverso.

Voce já postou várias vezes sobre esse assunto e pelo menos um dos posts foram solucionados. Entao é só consultar nos seus próprios posts.

2 curtidas

Sobre o postman acessar direto o servidor eu seu, tanto é que ele acessar localhost:8102

O angular faz a requisição pela porta 4200.

A questão é, porque em dois sistemas com o mesmo código, um acessa e outro não.

http://localhost:8102/modulo-usuario-permissao-api/oauth/token?grant_type=password&username=guilherme@netsoft.eti.br&password=123 este não funciona -

http://localhost:8102/modulo-usuario-permissao-api/publico/usuario/ este funciona.