aboutsummaryrefslogtreecommitdiff
path: root/juick-api/src/main/java/com/juick/api/configuration
diff options
context:
space:
mode:
authorGravatar Alexander Alexeev2016-11-28 02:27:10 +0700
committerGravatar Alexander Alexeev2016-11-28 02:27:10 +0700
commit36466ab39a31c87239c08a131c60475049bd4753 (patch)
tree55ab30847c45f37dd35ea1b7d43aaeb2f8eb7a22 /juick-api/src/main/java/com/juick/api/configuration
parent9241901c9367259eebf1128c0693f9bc3f3597a5 (diff)
CORS configuration
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/configuration')
-rw-r--r--juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java7
-rw-r--r--juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java22
2 files changed, 21 insertions, 8 deletions
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
index e3a49c6c..549de8bc 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
@@ -7,7 +7,6 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
@@ -39,10 +38,4 @@ public class ApiMvcConfiguration extends WebMvcConfigurationSupport {
converters.add(converter);
super.configureMessageConverters(converters);
}
-
- @Override
- protected void addCorsMappings(CorsRegistry registry) {
- registry.addMapping("/**")
- .allowedOrigins("*");
- }
}
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index cd5e3bbc..b3d2d21e 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import javax.inject.Inject;
+import java.util.Arrays;
/**
* Created by aalexeev on 11/21/16.
@@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
.anyRequest().hasRole("USER")
.and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
.and().anonymous()
+ .and().cors().configurationSource(corsConfigurationSource())
.and().servletApi()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
.and().authenticationProvider(new JuickAuthenticationProvider(userService))
- .headers().cacheControl();
+ .headers().defaultsDisabled().cacheControl();
}
@Bean
public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
return new JuickAuthenticationEntryPoint();
}
+
@Bean
public JuickHashFilter getJuickHashFilter() {
return new JuickHashFilter();
}
+
+ @Bean
+ CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOrigins(Arrays.asList("*"));
+ configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+ configuration.setAllowedHeaders(Arrays.asList("*"));
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+
+ return source;
+ }
}