From 36466ab39a31c87239c08a131c60475049bd4753 Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Mon, 28 Nov 2016 02:27:10 +0700
Subject: CORS configuration

---
 .../api/configuration/ApiMvcConfiguration.java     |  7 -------
 .../juick/api/configuration/ApiSecurityConfig.java | 22 +++++++++++++++++++++-
 .../java/com/juick/api/controllers/Messages.java   |  6 ++++--
 3 files changed, 25 insertions(+), 10 deletions(-)

(limited to 'juick-api/src/main/java')

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
index e3a49c6c..549de8bc 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
@@ -7,7 +7,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
 
@@ -39,10 +38,4 @@ public class ApiMvcConfiguration extends WebMvcConfigurationSupport {
         converters.add(converter);
         super.configureMessageConverters(converters);
     }
-
-    @Override
-    protected void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOrigins("*");
-    }
 }
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index cd5e3bbc..b3d2d21e 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import javax.inject.Inject;
+import java.util.Arrays;
 
 /**
  * Created by aalexeev on 11/21/16.
@@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
                 .anyRequest().hasRole("USER")
                 .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
                 .and().anonymous()
+                .and().cors().configurationSource(corsConfigurationSource())
                 .and().servletApi()
                 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
                 .and().authenticationProvider(new JuickAuthenticationProvider(userService))
-                .headers().cacheControl();
+                .headers().defaultsDisabled().cacheControl();
     }
 
     @Bean
     public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
         return new JuickAuthenticationEntryPoint();
     }
+
     @Bean
     public JuickHashFilter getJuickHashFilter() {
         return new JuickHashFilter();
     }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOrigins(Arrays.asList("*"));
+        configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
 }
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
index f8e892e7..0f8e7e07 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
@@ -17,7 +17,10 @@ import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 import rocks.xmpp.addr.Jid;
 import rocks.xmpp.core.stanza.model.Message;
 
@@ -31,7 +34,6 @@ import java.util.List;
  * @author ugnich
  */
 @Controller
-@CrossOrigin
 @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 public class Messages {
     private static final Logger logger = LoggerFactory.getLogger(Messages.class);
-- 
cgit v1.2.3