CORS configuration

2 files changed, 21 insertions, 8 deletions

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
index e3a49c6c..549de8bc 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
@@ -7,7 +7,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
 
@@ -39,10 +38,4 @@ public class ApiMvcConfiguration extends WebMvcConfigurationSupport {
         converters.add(converter);
         super.configureMessageConverters(converters);
     }
-
-    @Override
-    protected void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOrigins("*");
-    }
 }
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index cd5e3bbc..b3d2d21e 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import javax.inject.Inject;
+import java.util.Arrays;
 
 /**
  * Created by aalexeev on 11/21/16.
@@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
                 .anyRequest().hasRole("USER")
                 .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
                 .and().anonymous()
+                .and().cors().configurationSource(corsConfigurationSource())
                 .and().servletApi()
                 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
                 .and().authenticationProvider(new JuickAuthenticationProvider(userService))
-                .headers().cacheControl();
+                .headers().defaultsDisabled().cacheControl();
     }
 
     @Bean
     public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
         return new JuickAuthenticationEntryPoint();
     }
+
     @Bean
     public JuickHashFilter getJuickHashFilter() {
         return new JuickHashFilter();
     }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOrigins(Arrays.asList("*"));
+        configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
 }