updated security config for cors
This commit is contained in:
rajesh
@@ -1,13 +1,5 @@
|
||||
package net.gepafin.tendermanagement.config;
|
||||
|
||||
import io.swagger.v3.oas.models.Components;
|
||||
import io.swagger.v3.oas.models.OpenAPI;
|
||||
import io.swagger.v3.oas.models.security.SecurityRequirement;
|
||||
import io.swagger.v3.oas.models.security.SecurityScheme;
|
||||
import io.swagger.v3.oas.models.servers.Server;
|
||||
import net.gepafin.tendermanagement.config.jwt.JWTConfigurer;
|
||||
import net.gepafin.tendermanagement.config.jwt.JWTFilter;
|
||||
import net.gepafin.tendermanagement.config.jwt.TokenProvider;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
@@ -16,7 +8,6 @@ import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
@@ -24,12 +15,16 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||
import org.springframework.web.filter.CorsFilter;
|
||||
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
|
||||
|
||||
import io.swagger.v3.oas.models.Components;
|
||||
import io.swagger.v3.oas.models.OpenAPI;
|
||||
import io.swagger.v3.oas.models.security.SecurityRequirement;
|
||||
import io.swagger.v3.oas.models.security.SecurityScheme;
|
||||
import io.swagger.v3.oas.models.servers.Server;
|
||||
import net.gepafin.tendermanagement.config.jwt.JWTFilter;
|
||||
import net.gepafin.tendermanagement.config.jwt.TokenProvider;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig {
|
||||
@@ -56,27 +51,27 @@ public class SecurityConfig {
|
||||
return new MvcRequestMatcher.Builder(introspector);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer(MvcRequestMatcher.Builder mvc) {
|
||||
return (web) -> web.ignoring()
|
||||
.requestMatchers(mvc.pattern(HttpMethod.OPTIONS, "/**"))
|
||||
.requestMatchers(new AntPathRequestMatcher("/i18n/**"))
|
||||
.requestMatchers(new AntPathRequestMatcher("/content/**"))
|
||||
.requestMatchers(new AntPathRequestMatcher("/swagger-ui/index.html"))
|
||||
.requestMatchers(new AntPathRequestMatcher("/swagger-ui/**"));
|
||||
}
|
||||
|
||||
@Bean
|
||||
public CorsFilter corsFilter() {
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
config.setAllowCredentials(true);
|
||||
config.addAllowedOrigin("*");
|
||||
config.addAllowedHeader("*");
|
||||
config.addAllowedMethod("*");
|
||||
source.registerCorsConfiguration("/**", config);
|
||||
return new CorsFilter(source);
|
||||
}
|
||||
// @Bean
|
||||
// public WebSecurityCustomizer webSecurityCustomizer(MvcRequestMatcher.Builder mvc) {
|
||||
// return (web) -> web.ignoring()
|
||||
// .requestMatchers(mvc.pattern(HttpMethod.OPTIONS, "/**"))
|
||||
// .requestMatchers(new AntPathRequestMatcher("/i18n/**"))
|
||||
// .requestMatchers(new AntPathRequestMatcher("/content/**"))
|
||||
// .requestMatchers(new AntPathRequestMatcher("/swagger-ui/index.html"))
|
||||
// .requestMatchers(new AntPathRequestMatcher("/swagger-ui/**"));
|
||||
// }
|
||||
//
|
||||
// @Bean
|
||||
// public CorsFilter corsFilter() {
|
||||
// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
// CorsConfiguration config = new CorsConfiguration();
|
||||
// config.setAllowCredentials(true);
|
||||
// config.addAllowedOrigin("*");
|
||||
// config.addAllowedHeader("*");
|
||||
// config.addAllowedMethod("*");
|
||||
// source.registerCorsConfiguration("/**", config);
|
||||
// return new CorsFilter(source);
|
||||
// }
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
|
||||
@@ -92,8 +87,6 @@ public class SecurityConfig {
|
||||
.sessionManagement(session -> session
|
||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||
)
|
||||
.apply(new JWTConfigurer(tokenProvider))
|
||||
.and()
|
||||
.addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
|
||||
|
||||
return http.build();
|
||||
|
||||
Reference in New Issue
Block a user