From 36466ab39a31c87239c08a131c60475049bd4753 Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Mon, 28 Nov 2016 02:27:10 +0700 Subject: CORS configuration --- .../api/configuration/ApiMvcConfiguration.java | 7 ------- .../juick/api/configuration/ApiSecurityConfig.java | 22 +++++++++++++++++++++- .../java/com/juick/api/controllers/Messages.java | 6 ++++-- 3 files changed, 25 insertions(+), 10 deletions(-) (limited to 'juick-api/src/main') diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java index e3a49c6c..549de8bc 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java @@ -7,7 +7,6 @@ import org.springframework.context.annotation.Configuration; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; -import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport; import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; @@ -39,10 +38,4 @@ public class ApiMvcConfiguration extends WebMvcConfigurationSupport { converters.add(converter); super.configureMessageConverters(converters); } - - @Override - protected void addCorsMappings(CorsRegistry registry) { - registry.addMapping("/**") - .allowedOrigins("*"); - } } diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java index cd5e3bbc..b3d2d21e 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java @@ -13,8 +13,12 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import javax.inject.Inject; +import java.util.Arrays; /** * Created by aalexeev on 11/21/16. @@ -40,19 +44,35 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { .anyRequest().hasRole("USER") .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) .and().anonymous() + .and().cors().configurationSource(corsConfigurationSource()) .and().servletApi() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) .and().authenticationProvider(new JuickAuthenticationProvider(userService)) - .headers().cacheControl(); + .headers().defaultsDisabled().cacheControl(); } @Bean public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() { return new JuickAuthenticationEntryPoint(); } + @Bean public JuickHashFilter getJuickHashFilter() { return new JuickHashFilter(); } + + @Bean + CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + + configuration.setAllowedOrigins(Arrays.asList("*")); + configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE")); + configuration.setAllowedHeaders(Arrays.asList("*")); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + + return source; + } } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java index f8e892e7..0f8e7e07 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java @@ -17,7 +17,10 @@ import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; import org.springframework.util.StringUtils; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Message; @@ -31,7 +34,6 @@ import java.util.List; * @author ugnich */ @Controller -@CrossOrigin @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public class Messages { private static final Logger logger = LoggerFactory.getLogger(Messages.class); -- cgit v1.2.3