diff --git a/src/main/java/net/gepafin/tendermanagement/TendermanagementApplication.java b/src/main/java/net/gepafin/tendermanagement/TendermanagementApplication.java index 8e3f5ef8..f9a97be8 100644 --- a/src/main/java/net/gepafin/tendermanagement/TendermanagementApplication.java +++ b/src/main/java/net/gepafin/tendermanagement/TendermanagementApplication.java @@ -2,7 +2,10 @@ package net.gepafin.tendermanagement; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Configuration; import org.springframework.scheduling.annotation.EnableScheduling; +import org.springframework.web.servlet.config.annotation.CorsRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @EnableScheduling @SpringBootApplication @@ -12,6 +15,16 @@ public class TendermanagementApplication { SpringApplication.run(TendermanagementApplication.class, args); System.out.println("Spring Boot started"); } + + @Configuration + public class CorsConfig implements WebMvcConfigurer { + + @Override + public void addCorsMappings(CorsRegistry registry) { + registry.addMapping("/**").allowedOrigins("http://localhost:3000") + .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD").allowCredentials(true); + } + } } diff --git a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java index 2d47430e..53b7baef 100644 --- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java +++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java @@ -39,10 +39,13 @@ import net.gepafin.tendermanagement.config.jwt.TokenProvider; public class SecurityConfig { private final TokenProvider tokenProvider; + + private final CorsFilter corsFilter; @Autowired - public SecurityConfig(TokenProvider tokenProvider) { + public SecurityConfig(TokenProvider tokenProvider, CorsFilter corsFilter) { this.tokenProvider = tokenProvider; + this.corsFilter = corsFilter; } @Bean @@ -70,17 +73,17 @@ public class SecurityConfig { } - @Bean - public CorsConfigurationSource corsConfigurationSource() { - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - CorsConfiguration config = new CorsConfiguration(); - config.setAllowCredentials(true); - config.addAllowedOrigin("http://localhost:3000"); // Change this to your frontend URL - config.addAllowedHeader("*"); - config.addAllowedMethod("*"); - source.registerCorsConfiguration("/**", config); - return source; - } +// @Bean +// public CorsConfigurationSource corsConfigurationSource() { +// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); +// CorsConfiguration config = new CorsConfiguration(); +// config.setAllowCredentials(true); +// config.addAllowedOrigin("http://localhost:3000"); // Change this to your frontend URL +// config.addAllowedHeader("*"); +// config.addAllowedMethod("*"); +// source.registerCorsConfiguration("/**", config); +// return source; +// } @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception { @@ -96,7 +99,7 @@ public class SecurityConfig { .sessionManagement(session -> session .sessionCreationPolicy(SessionCreationPolicy.STATELESS) ) - .addFilterBefore(new CorsFilter(corsConfigurationSource()), AuthorizationFilter.class) + .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class) .addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class); return http.build();