AngularJS & Spring Security with ROLE_ANONYMOUS still returns 401

Question

We are building an Angular Material application, consuming a RESTful Spring MVC API, with Spring Security & OAUTH2.

For testing purpose, we gave ROLE_ANONYMOUS acce

Answer 1

Ok, after reviewing the screenshot, we noticed the method was OPTIONS instead of POST.

The problem was not in the headers (we were checking those so much that we weren't seeing the obvious), but in the pre-flight request OPTIONS due to CORS. Here's a nice article about it. Our Spring Security was configured for the POST method, but not for the OPTIONS. We changed it and now it works like a charm: