diff options
author | Alexander Alexeev | 2016-11-28 02:27:10 +0700 |
---|---|---|
committer | Alexander Alexeev | 2016-11-28 02:27:10 +0700 |
commit | 36466ab39a31c87239c08a131c60475049bd4753 (patch) | |
tree | 55ab30847c45f37dd35ea1b7d43aaeb2f8eb7a22 /juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java | |
parent | 9241901c9367259eebf1128c0693f9bc3f3597a5 (diff) |
CORS configuration
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java')
-rw-r--r-- | juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java index cd5e3bbc..b3d2d21e 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java @@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import javax.inject.Inject; +import java.util.Arrays; /** * Created by aalexeev on 11/21/16. @@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { .anyRequest().hasRole("USER") .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) .and().anonymous() + .and().cors().configurationSource(corsConfigurationSource()) .and().servletApi() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) .and().authenticationProvider(new JuickAuthenticationProvider(userService)) - .headers().cacheControl(); + .headers().defaultsDisabled().cacheControl(); } @Bean public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() { return new JuickAuthenticationEntryPoint(); } + @Bean public JuickHashFilter getJuickHashFilter() { return new JuickHashFilter(); } + + @Bean + CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + + configuration.setAllowedOrigins(Arrays.asList("*")); + configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE")); + configuration.setAllowedHeaders(Arrays.asList("*")); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + + return source; + } } |