Error Full Authentication is required to access this Resource

Question

Error Full Authentication is required to access this Resource

Asked 5 years, 10 months ago

Viewed 4,406 times

1

Hello, I have a backend made with Spring and I Gero a file . jar and 'raise' it via Vscode to the front made in Angular. When I try to access my page (everything is localhost), I get this return:

ERROR Error: Uncaught (in promise): HttpErrorResponse: {"headers":{"normalizedNames":{},"lazyUpdate":null},"status":401,"statusText":"OK","url":"http://localhost:8080/lancamento?resumo","ok":false,"name":"HttpErrorResponse","message":"Http failure response for http://localhost:8080/lancamento?resumo: 401 OK","error":{"timestamp":"2019-01-10","status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/lancamento"}}

My code in Angular is that way:

constructor(private http: HttpClient) { } 

pesquisar(): Promise<any> {
const headers = new HttpHeaders();
headers.append('Authorization', 'Basic YWRtaW5AYWxnYW1vbmV5LmNvbTphZG1pbg==');
return this.http.get(`${this.lancamentoUrl}?resumo`, { headers}).toPromise()
     .then(response => {
      console.log(response);
 });

}

My CORS code is like this:

@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;

    response.setHeader("Access-Control-Allow-Origin", ApiProperty.getOriginPermitida());
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, PUT, OPTIONS");
    response.setHeader("Access-Control-Allow-Headers", "Authorization, Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
    response.setHeader("Access-Control-Max-Age", "3600");

    // response.setStatus(HttpServletResponse.SC_OK);

    //

    if ("OPTIONS".equals(request.getMethod())) {
        response.setStatus(HttpServletResponse.SC_OK);
    } else {
        chain.doFilter(req, resp);
    }

}

My origin Ermitida is like this:

private String originPermitida = "*";

My Httpsecurity code looks like this:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .anyRequest().authenticated()
        .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        .and()
        .httpBasic()
        .and()
        .antMatcher("/**")
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .csrf().disable();
}

In Postman, it opens which is a beauty, the error happens when I open the page via Rowse.

Where am I going wrong? Could you give me a north?

Thank you!

What kind of security is using, Http Basic, Oauth ?

– Viktor Hugo

2019/01/10 at 16:58
I’m using Basic anyway.

– Victor Freidinger

2019/01/10 at 17:12
I was able to perform a debug now and checked that at the moment OPTIONS is done in CORS (This bit here: if ("OPTIONS".equals(request.getMethod())), the return of this is coming as GET. From what I got of explanation, OPTIONS would be a 'question to Browse' if you can send some things, even before sending. Would be skipping some stage ? The strange thing is that via Postman does not give the problem.

– Victor Freidinger

2019/01/10 at 17:14
I couldn’t evolve in this problem. @Viktorhugo can help?

– Victor Freidinger

2019/01/14 at 11:47

3 answers

Browser other questions tagged java angular spring-boot

You are not signed in. Login or sign up in order to post.

by Felipe Jansen • 1 point · Answer 1 · 2019-02-02T02:20:01+00:00

Return this.http.get(${this.lancamentoUrl}?resumo, httpOptions ) . subscribe(date) => {console.log(date); } );

Where did you put this command ?

by Felipe Jansen • 1 point · Answer 2 · 2019-02-05T23:39:49+00:00

In addition to what Victor said, I was able to access the methods by configuring "Crossorigin"

@CrossOrigin(origins = "http://localhost:4200") //CONFIGURACAO DO CROSS
@GetMapping
public Page<Lancamento> pesquisar(LancamentoFilter lancamentoFilter, Pageable pageable){
    return lancamentoRepository.filtrar(lancamentoFilter, pageable);
}

by Victor Freidinger • **339** points · Answer 3 · 2019-01-15T19:36:37+00:00

Hello, For anyone who has the same problem as me, I have found the following solution:

In building my Header I changed to this:

pesquisar() {
const httpOptions = {
  headers: new HttpHeaders({
    'Content-Type':  'application/json',
    'Authorization': 'Basic YWRtaW5AYWxnYW1vbmV5LmNvbTphZG1pbg=='
  })
};

return this.http.get(`${this.lancamentoUrl}?resumo`, httpOptions )
                .subscribe((data) => {console.log(data); } );

}

I had to take the Precedent and the call became simpler:

 pesquisar() {
this.lancamentoService.pesquisar();

}

I had some support on this by explaining that there was a change in the Angular version of this whole HTTP module. I hadn’t mentioned, I’m using version 7.1.3 of Angular. Maybe the way it was before works for version 4, but for this new version did not work.