MaDgIK
/
authorization-library
13
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[spring-boot3 | WIP]: change cors policy with filter.

This commit is contained in:
Konstantinos Triantafyllou 2024-07-30 14:24:26 +03:00
parent d0e8e7ea3f
commit f7598b418c
3 changed files with 32 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java
View File

@ -1,27 +1,10 @@
package eu.dnetlib.uoaauthorizationlibrary.configuration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
@EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class})
@ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })
public class AuthorizationConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOriginPatterns("*")
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
.allowCredentials(true);
}
};
}
}
public class AuthorizationConfiguration { }

26
src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/CorsAllowFilter.java Normal file
View File

@ -0,0 +1,26 @@
package eu.dnetlib.uoaauthorizationlibrary.configuration;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component
public class CorsAllowFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS, HEAD");
response.addHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
response.addHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Credentials");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addIntHeader("Access-Control-Max-Age", 10);
filterChain.doFilter(request, response);
}
}

6
src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java
View File

@ -1,5 +1,6 @@
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
import eu.dnetlib.uoaauthorizationlibrary.configuration.CorsAllowFilter;
import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
@ -18,10 +19,12 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi
public class WebSecurityConfig {
private final AuthorizationFilter filter;
private final CorsAllowFilter corsFilter;
@Autowired
public WebSecurityConfig(AuthorizationFilter filter) {
public WebSecurityConfig(AuthorizationFilter filter, CorsAllowFilter corsFilter) {
this.filter = filter;
this.corsFilter = corsFilter;
}
@Bean
@ -32,6 +35,7 @@ public class WebSecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable);
http.addFilter(corsFilter);
http.addFilterBefore(filter, BasicAuthenticationFilter.class);
http.exceptionHandling(handler -> handler.authenticationEntryPoint(this.entryPoint()));
http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());