From 36466ab39a31c87239c08a131c60475049bd4753 Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Mon, 28 Nov 2016 02:27:10 +0700 Subject: CORS configuration --- .../api/configuration/ApiMvcConfiguration.java | 7 ------- .../juick/api/configuration/ApiSecurityConfig.java | 22 +++++++++++++++++++++- 2 files changed, 21 insertions(+), 8 deletions(-) (limited to 'juick-api/src/main/java/com/juick/api/configuration') diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java index e3a49c6c..549de8bc 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java @@ -7,7 +7,6 @@ import org.springframework.context.annotation.Configuration; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; -import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport; import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; @@ -39,10 +38,4 @@ public class ApiMvcConfiguration extends WebMvcConfigurationSupport { converters.add(converter); super.configureMessageConverters(converters); } - - @Override - protected void addCorsMappings(CorsRegistry registry) { - registry.addMapping("/**") - .allowedOrigins("*"); - } } diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java index cd5e3bbc..b3d2d21e 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java @@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import javax.inject.Inject; +import java.util.Arrays; /** * Created by aalexeev on 11/21/16. @@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { .anyRequest().hasRole("USER") .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) .and().anonymous() + .and().cors().configurationSource(corsConfigurationSource()) .and().servletApi() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) .and().authenticationProvider(new JuickAuthenticationProvider(userService)) - .headers().cacheControl(); + .headers().defaultsDisabled().cacheControl(); } @Bean public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() { return new JuickAuthenticationEntryPoint(); } + @Bean public JuickHashFilter getJuickHashFilter() { return new JuickHashFilter(); } + + @Bean + CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + + configuration.setAllowedOrigins(Arrays.asList("*")); + configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE")); + configuration.setAllowedHeaders(Arrays.asList("*")); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + + return source; + } } -- cgit v1.2.3