[springboot3 | DONE]: Fix cors allowed origins

Konstantinos Triantafyllou 2024-07-30 14:49:21 +03:00
parent f7598b418c
commit d9f98328ba
3 changed files with 28 additions and 32 deletions


@ -1,10 +1,36 @@
package eu.dnetlib.uoaauthorizationlibrary.configuration; package eu.dnetlib.uoaauthorizationlibrary.configuration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration @Configuration
@EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class}) @EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class})
@ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" }) @ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })
public class AuthorizationConfiguration { } public class AuthorizationConfiguration {
private final SecurityConfig securityConfig;
@Autowired
public AuthorizationConfiguration(SecurityConfig securityConfig) {
this.securityConfig = securityConfig;
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOriginPatterns("*" + securityConfig.getDomain(), "*" + securityConfig.getDomain() + ":*")
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
.allowCredentials(true);
}
};
}
}
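Review bot: The origin patterns in `addCorsMappings` put a bare `*` directly in front of `securityConfig.getDomain()` and fix no scheme, so any origin whose string ends with the configured value is allowed with credentials. Unless that value always begins with a dot (not visible here), a different registrable domain that merely ends in the same characters would also match, and plain `http://` origins are accepted as well. An empty domain collapses the first pattern to `*`, which together with `allowCredentials(true)` allows every origin, and a null domain yields `*null`, which matches nothing useful. I would reject a blank domain in the constructor, e.g. `if (securityConfig.getDomain() == null || securityConfig.getDomain().isBlank()) throw new IllegalStateException("domain must be set for CORS");`. I would also anchor the patterns on scheme and a label boundary, e.g. `.allowedOriginPatterns("https://*." + domain, "https://*." + domain + ":[*]")`, with `domain` normalised to have no leading dot and the apex origin listed explicitly if it is needed.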


@ -1,26 +0,0 @@
package eu.dnetlib.uoaauthorizationlibrary.configuration;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component
public class CorsAllowFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS, HEAD");
response.addHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
response.addHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Credentials");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addIntHeader("Access-Control-Max-Age", 10);
filterChain.doFilter(request, response);
}
}


@ -1,6 +1,5 @@
package eu.dnetlib.uoaauthorizationlibrary.stateless.security; package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
import eu.dnetlib.uoaauthorizationlibrary.configuration.CorsAllowFilter;
import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint; import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
@ -19,12 +18,10 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi
public class WebSecurityConfig { public class WebSecurityConfig {
private final AuthorizationFilter filter; private final AuthorizationFilter filter;
private final CorsAllowFilter corsFilter;
@Autowired @Autowired
public WebSecurityConfig(AuthorizationFilter filter, CorsAllowFilter corsFilter) { public WebSecurityConfig(AuthorizationFilter filter) {
this.filter = filter; this.filter = filter;
this.corsFilter = corsFilter;
} }
@Bean @Bean
@ -35,7 +32,6 @@ public class WebSecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable); http.csrf(AbstractHttpConfigurer::disable);
http.addFilter(corsFilter);
http.addFilterBefore(filter, BasicAuthenticationFilter.class); http.addFilterBefore(filter, BasicAuthenticationFilter.class);
http.exceptionHandling(handler -> handler.authenticationEntryPoint(this.entryPoint())); http.exceptionHandling(handler -> handler.authenticationEntryPoint(this.entryPoint()));
http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll()); http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
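Review bot: After `http.addFilter(corsFilter)` is dropped, nothing in `filterChain` enables Spring Security's own CORS handling, so a preflight request only gets its CORS headers if it passes `AuthorizationFilter` and reaches the MVC mapping registered by `corsConfigurer()`. Adding `http.cors(Customizer.withDefaults());` next to the `csrf` line makes the security chain apply the MVC CORS configuration before the other security filters, which is the ordering Spring Security recommends because preflight requests carry no credentials. Whether `AuthorizationFilter` rejects or alters unauthenticated `OPTIONS` requests is not visible in this hunk, so this may already work in practice, but the explicit call removes the dependency on filter behaviour. The body of `filterChain` continues outside the hunk.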