No postman, esta requisição funciona. No sistema angular não.
http://localhost:8102/modulo-usuario-permissao-api/oauth/token?grant_type=password&username=guilherme@netsoft.eti.br&password=123
JAVA
import static org.springframework.core.Ordered.HIGHEST_PRECEDENCE; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; import lombok.extern.apachecommons.CommonsLog; @Component @Order(HIGHEST_PRECEDENCE) @CommonsLog public class SmpleCORSFilter implements Filter { @Value("${origens-permitidas}") private String[] origensPermitidas; @Override public void init(FilterConfig filterConfig) throws ServletException { log.info("Sistema de usuarios | SmpleCORSFilter inocio"); } @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) resp; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "*"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "*"); chain.doFilter(req, resp); } @Override public void destroy() { } }
Angular
login(credentials: any): Observable<void> { const logar = '?grant_type=password&username=' + credentials.login + '&password=' + encodeURIComponent(credentials.senha); const headers = { Authorization: 'Basic ' + btoa('123' + ':' + 'teste'), }; return this.http .post<any>(environment.AUTH + OAUTH + TOKEN + logar, {}, { headers }) .pipe(map((response: any) => this.authenticateSuccess(response, true))); }
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Primary; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; import org.springframework.security.oauth2.provider.token.DefaultTokenServices; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; import br.com.ghnetsoft.apifinanceiro.usuariopermissao.service.MyUserDetailsService; @Configuration @EnableAuthorizationServer public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { private TokenStore tokenStore = new InMemoryTokenStore(); @Autowired @Qualifier("authenticationManagerBean") private AuthenticationManager authenticationManager; @Autowired private MyUserDetailsService userDetailsService; @Autowired private PasswordEncoder passwordEncoder; @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.tokenStore(tokenStore).authenticationManager(authenticationManager) .userDetailsService(userDetailsService); } @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { String senha = passwordEncoder .encode("YXBpZmluYW5jZWlybzIwMjAlICsgYXBpLWZpbmFuY2Vpcm8gKyBOZXRzb2Z0ICsgR0ggU0lTVEVNQVM="); clients.inMemory() .withClient("TmV0c29mdCArIEdIIFNJU1RFTUFTICsgYXBpLWZpbmFuY2Vpcm8gKyBhcGlmaW5hbmNlaXJvMjAyMCU=") .authorizedGrantTypes("password", "authorization_code", "refresh_token").scopes("bar", "read", "write") .refreshTokenValiditySeconds(86400).accessTokenValiditySeconds(86400).resourceIds("restservice") .secret(senha); } @Bean @Primary public DefaultTokenServices tokenServices() { DefaultTokenServices tokenServices = new DefaultTokenServices(); tokenServices.setSupportRefreshToken(true); tokenServices.setTokenStore(tokenStore); return tokenServices; } @Override public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { oauthServer.allowFormAuthenticationForClients().tokenKeyAccess("permitAll()").checkTokenAccess("permitAll()"); } }
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import br.com.ghnetsoft.apifinanceiro.usuariopermissao.service.MyUserDetailsService; @Configuration @EnableWebSecurity public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired private MyUserDetailsService userDetailsService; @Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity.authorizeRequests().antMatchers("/").authenticated().and().authorizeRequests() .antMatchers("/h2/**").permitAll(); httpSecurity.csrf().disable(); httpSecurity.headers().frameOptions().disable(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { super.configure(auth); auth.userDetailsService(userDetailsService); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/**.html", "/publico/**", "/v2/api-docs", "/webjars/**", "/configuration/**", "/swagger-resources/**"); } @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } }
Tenho um outro sistema que utiliza a mesma forma de logar e funciona.
O que pode ser ?