Diffstat (limited to 'juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java')
-rw-r--r-- | juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index cd5e3bbc..b3d2d21e 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import javax.inject.Inject;
+import java.util.Arrays;
 /**
 * Created by aalexeev on 11/21/16.
@@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
 .anyRequest().hasRole("USER")
 .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
 .and().anonymous()
+ .and().cors().configurationSource(corsConfigurationSource())
 .and().servletApi()
 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
 .and().authenticationProvider(new JuickAuthenticationProvider(userService))
- .headers().cacheControl();
+ .headers().defaultsDisabled().cacheControl();
 }
 @Bean
 public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
 return new JuickAuthenticationEntryPoint();
 }
+
 @Bean
 public JuickHashFilter getJuickHashFilter() {
 return new JuickHashFilter();
 }
+
+ @Bean
+ CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOrigins(Arrays.asList("*"));
+ configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+ configuration.setAllowedHeaders(Arrays.asList("*"));
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+
+ return source;
+ }
 } |
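Review bot: `.headers().defaultsDisabled().cacheControl()` switches off every header Spring Security writes by default and re-enables only cache control, so API responses no longer carry `X-Content-Type-Options: nosniff`, `X-Frame-Options` or HSTS, and nothing in the change says why. If only one default gets in the way of the cross-origin clients, disable that one, or re-enable the rest explicitly, e.g. `.headers().defaultsDisabled().cacheControl().and().contentTypeOptions();`. The new `corsConfigurationSource()` accepts any origin and any request header on `/**`; that is defensible only while the API stays stateless and `setAllowCredentials(true)` is never set, so the constraint should be written above `setAllowedOrigins`, for example `// Public API: wildcard origin is acceptable only without allowCredentials; do not enable it here`. The security builder chain starts above the hunk, so the matcher rules ahead of `.anyRequest()` are not visible here.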