Angular / Spring Boot Camunda - CORS Same Origin blocking issues

CptDayDreamer · August 18, 2021, 12:19pm

Hey there. I have no idea why it works for basically everybody but not for me. Via postman and browser I can call the request without problems. The error is basically the one everyone here had:

Access to XMLHttpRequest at ‘http://localhost:8080/engine-rest/task?sortBy=created&sortOrder=desc&maxResults=10’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

getTasks(sortBy: string, sortOrder: string, maxResults: number): Observable<any> {

    const endpoint =

      'http://localhost:8080/engine-rest/task?sortBy=created&sortOrder=desc&maxResults=10';

    return this.http.get<any>(endpoint, httpOptions).pipe(

      tap((form) => this.log(`fetched tasks`)),

      catchError(this.handleError('getTasks', []))

    );

  }

const httpOptions = {
  headers: new HttpHeaders({
    Authorization: 'Basic ' + btoa('demo:demo'),
    'Content-Type': 'application/json'
  })
};

I configured a class in Spring Boot to enable authentication and also configure CORS like I always do:

@Configuration
public class CamundaSecurityFilter {

  @Bean
  public FilterRegistrationBean<Filter> processEngineAuthenticationFilter() {
    FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
    registration.setName("camunda-auth");
    registration.setFilter(getProcessEngineAuthenticationFilter());
    registration.addInitParameter(
        "authentication-provider",
        "org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
    registration.addUrlPatterns("/*");
    registration.setOrder(1);
    return registration;
  }

  List<String> allowedMethods = Arrays.asList("GET", "PUT", "POST", "PATCH", "DELETE", "OPTIONS");

  @Bean
  CorsConfigurationSource corsConfigurationSource() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowCredentials(true);
    configuration.setAllowedOriginPatterns(Arrays.asList("*"));
    configuration.setAllowedHeaders(Arrays.asList("*"));
    configuration.setAllowedMethods(allowedMethods);
    configuration.addExposedHeader("Authorization");
    source.registerCorsConfiguration("/**", configuration);
    return source;
  }

  @Bean
  public Filter getProcessEngineAuthenticationFilter() {
    return new ProcessEngineAuthenticationFilter();
  }
}

What is wrong here? Literally every entry in Google is now purple because I tried everything. I know in the Camunda-Angular example they are using a proxy but this can’t be the solution because I don’t want to globally set the path.

CptDayDreamer · August 21, 2021, 3:58am

In the end the problem was too easy to see…

You need the security package of Spring Boot and then annotate the class with @EnableWebSecurity. Then extend your class with extends WebSecurityConfigurerAdapter. Now you can override the method you need and activate CORS.

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.cors();
  }