i am trying to switch to spring 4.2's native Global CORS support after i upgrade to spring-boot 1.3, but it seemed won't work with CAS filter process url(/login/cas).
Originally, i was using spring-boot 1.2.7 with spring 4.2 and spring-security 4.0.2, and using self made filtered based cors support. And either my own rest service or CAS ST validation URL worked well. After i upgraded to spring-boot 1.3 with coming in spring and spring-security version. It stopped working. After some digging, fixed this by AddFilterBefore. So filtered based CORS seemed work well too with spring-boot 1.3.0 + spring-security-cas.
However, i want to use native Global CORS, but it seemed the CAS ST validation URL(/login/cas) can't be recognized, though other rest endpoints are OK.
Please help.
The setup is quite straight forward.
@Configuration
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
};
}
}
And following are some trafic:
Request URL:http://localhost:9000/login/cas?ticket=ST-1357-15aQrv93jGEUsQpQRF1P-cas01.example.org
Request Method:GET
Status Code:302 Found
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Length:0
Date:Thu, 19 Nov 2015 09:19:31 GMT
Expires:0
Location:http://localhost:9000/
Pragma:no-cache
Server:Apache-Coyote/1.1
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
and following are console errors:
XMLHttpRequest cannot load http://localhost:9000/login/cas?ticket=ST-1357-15aQrv93jGEUsQpQRF1P-cas01.example.org. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
