OAuth 2 Autoconfiguration 401 Error for preflight request spring-atti…

…c#1749
rolaca11 · Sep 17, 2019 · 392c1ac · 392c1ac
1 parent 5df8fc1
commit 392c1ac
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/.../oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java b/.../oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java
@@ -19,6 +19,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -86,9 +87,10 @@ protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
         	.authorizeRequests()
-            	.antMatchers(tokenEndpointPath).fullyAuthenticated()
-            	.antMatchers(tokenKeyPath).access(configurer.getTokenKeyAccess())
-            	.antMatchers(checkTokenPath).access(configurer.getCheckTokenAccess())
+				.antMatchers(HttpMethod.OPTIONS, tokenEndpointPath).permitAll()
+				.antMatchers(tokenEndpointPath).fullyAuthenticated()
+				.antMatchers(tokenKeyPath).access(configurer.getTokenKeyAccess())
+				.antMatchers(checkTokenPath).access(configurer.getCheckTokenAccess())
         .and()
         	.requestMatchers()
             	.antMatchers(tokenEndpointPath, tokenKeyPath, checkTokenPath)