authorGravatar Alexander Alexeev2016-11-28 02:27:10 +0700
committerGravatar Alexander Alexeev2016-11-28 02:27:10 +0700
commit36466ab39a31c87239c08a131c60475049bd4753 (patch)
tree55ab30847c45f37dd35ea1b7d43aaeb2f8eb7a22 /juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
parent9241901c9367259eebf1128c0693f9bc3f3597a5 (diff)
CORS configuration
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java')
-rw-r--r--juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java22
1 files changed, 21 insertions, 1 deletions
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index cd5e3bbc..b3d2d21e 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import javax.inject.Inject;
+import java.util.Arrays;
/**
* Created by aalexeev on 11/21/16.
@@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
.anyRequest().hasRole("USER")
.and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
.and().anonymous()
+ .and().cors().configurationSource(corsConfigurationSource())
.and().servletApi()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
.and().authenticationProvider(new JuickAuthenticationProvider(userService))
- .headers().cacheControl();
+ .headers().defaultsDisabled().cacheControl();
}
@Bean
public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
return new JuickAuthenticationEntryPoint();
}
+
@Bean
public JuickHashFilter getJuickHashFilter() {
return new JuickHashFilter();
}
+
+ @Bean
+ CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOrigins(Arrays.asList("*"));
+ configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+ configuration.setAllowedHeaders(Arrays.asList("*"));
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+
+ return source;
+ }
}
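Review bot: The last line of the `configure` chain now reads `.headers().defaultsDisabled().cacheControl();`, which switches off every response header Spring Security writes by default (`X-Content-Type-Options: nosniff`, `X-Frame-Options`, HSTS, `X-XSS-Protection`) and keeps only cache control. CORS does not need this, and the commit title "CORS configuration" does not explain it. Unless dropping them is intended, restore `.headers().cacheControl();`; if it is intended, say why in a comment on that line. Separately, `corsConfigurationSource()` allows any origin and any request header on `/**`, which is only acceptable while credentials are never allowed, so I would put `// Wildcard origin: do not call setAllowCredentials(true) on this configuration` above `setAllowedOrigins`. The body of `configure` starts outside the hunk, so the matcher rules above `.anyRequest()` are not reviewed here.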