0

I am trying to create RestAPI using Spring boot + Oauth 2.0 and want to access the same from another web application.

My Spring application is deployed at localhost:8585/oauth/token. If i use chrome REST extenstion for calling it works perfectly fine but When i am trying to get the oauth token from my web application using jquery ajax call it gives me following error

'XMLHttpRequest cannot load localhost:8585/oauth/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' localhost:8080' is therefore not allowed access. The response had HTTP status code 401.'

I referred some documentation and @EnableZuulProxy can enable proxy for server but it didnt work

Application.class 

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
@SpringBootApplication
@EnableZuulProxy
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}

Web Application Page calls oauth/token with clientid , client secret and grant type as client_credential using Jquery ajax call

AND application.yml 

zuul:
routes:
resource: 
path: oauth/*
url: http://localhost:8080/
stripPrefix: false

and oauth server http configuration as

.antMatchers("/oauth/token").authenticated() .and().csrf().csrfTokenRepository(csrfTokenRepository()).and() .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);

Andrei Sfat
  • 8,440
  • 5
  • 49
  • 69
kaspisbest
  • 1
  • 2
  • You shouldn't be using client credentials grant from a browser client (it's not secure). There's a sample of a browser client and a webapp using auth code grants [here](https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v) if you're interested. – Dave Syer Apr 03 '15 at 15:14
  • Thanks @DaveSyer , I tried application oauth2 from the provided angular master source. Please provide source to get access_token for logged in user in ui application. Also AuthenticationPrincipal annotation is not available for method in resource server application. I have added custom user details Service with some additional params to user such as exterenal client id. How i can get them in resource Server while accessing from UI application. Thanks in advance. – kaspisbest Apr 21 '15 at 09:32
  • You don't need an access token if you're an angular client (which is the point of the blog article). Ad far as `@AuthenticationPrincipal` is concerned, I actually don't know who is responsible for binding that, but I'd expect a method parameter that is a `Principal` to work if it's a controller you want to use it in. This is not really relevant to your original question as far as I know though, so perhaps you could pose it as another post or a github issue? – Dave Syer Apr 21 '15 at 19:39

0 Answers0