From 36466ab39a31c87239c08a131c60475049bd4753 Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Mon, 28 Nov 2016 02:27:10 +0700
Subject: CORS configuration

---
 .../juick/api/configuration/ApiSecurityConfig.java | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java')

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index cd5e3bbc..b3d2d21e 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import javax.inject.Inject;
+import java.util.Arrays;
 
 /**
  * Created by aalexeev on 11/21/16.
@@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
                 .anyRequest().hasRole("USER")
                 .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
                 .and().anonymous()
+                .and().cors().configurationSource(corsConfigurationSource())
                 .and().servletApi()
                 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
                 .and().authenticationProvider(new JuickAuthenticationProvider(userService))
-                .headers().cacheControl();
+                .headers().defaultsDisabled().cacheControl();
     }
 
     @Bean
     public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
         return new JuickAuthenticationEntryPoint();
     }
+
     @Bean
     public JuickHashFilter getJuickHashFilter() {
         return new JuickHashFilter();
     }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOrigins(Arrays.asList("*"));
+        configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
 }
-- 
cgit v1.2.3