From eca57b111a6e23eb53e991bdd821b071d9c1786f Mon Sep 17 00:00:00 2001 From: mirrerror Date: Thu, 26 Oct 2023 21:55:27 +0300 Subject: [PATCH] fix cors --- pom.xml | 12 ++++++ .../expensetrackerfaf/config/CorsConfig.java | 2 +- .../expensetrackerfaf/config/CorsFilter.java | 41 ++++++++++++++++++- .../config/SecurityConfiguration.java | 17 +++----- 4 files changed, 58 insertions(+), 14 deletions(-) diff --git a/pom.xml b/pom.xml index 5744dc1..862aa65 100644 --- a/pom.xml +++ b/pom.xml @@ -73,6 +73,18 @@ jakarta.validation-api 2.0.2 + + + org.springframework.security + spring-security-web + 6.1.5 + + + + org.springframework.security + spring-security-web + 6.1.5 + diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java b/src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java index 458f2ff..c98ccdf 100644 --- a/src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java +++ b/src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java @@ -9,6 +9,6 @@ public class CorsConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { - registry.addMapping("/**").allowedMethods("*"); + registry.addMapping("/**").allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH").allowedOrigins("http://localhost:5173/"); } } diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java b/src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java index 59acdc8..bb34047 100644 --- a/src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java +++ b/src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java 
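Review bot: The pom.xml hunk adds the `org.springframework.security` / `spring-security-web` / `6.1.5` dependency twice with identical coordinates; Maven warns on duplicate declarations and only one of them takes effect, so the second block should be removed. The XML tags did not survive in this rendering, so the coordinates are read from the text that remains. If the project inherits from a Spring Boot parent (not visible here), the explicit version is better omitted so that all Spring Security modules stay on one managed version.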
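Review bot: In CorsConfig.java, `addCorsMappings` hard-codes the allowed origin to the dev server `http://localhost:5173/`, so a deployed build either rejects the real front end or has to be edited by hand. Reading the value from configuration keeps the allow-list reviewable per environment, for example a field `@Value("${app.cors.allowed-origins}") private String[] allowedOrigins;` (the property name is a placeholder) passed to `.allowedOrigins(allowedOrigins)`. A browser's `Origin` header never carries a trailing slash, so the value is better written as `http://localhost:5173` than left to normalisation.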
@@ -1,2 +1,39 @@
-package com.faf223.expensetrackerfaf.config;public class CorsFilter {
-}
+package com.faf223.expensetrackerfaf.config;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
+public class CorsFilter implements Filter {
+
+ @Override
+ public void destroy() {
+ }
+
+
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+ HttpServletResponse response = (HttpServletResponse) servletResponse;
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS");
+ response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
+ if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) servletRequest).getMethod())) {
+ response.setStatus(HttpServletResponse.SC_OK);
+ } else {
+ filterChain.doFilter(servletRequest, response);
+ }
+
+ }
+
+ @Override
+ public void init(FilterConfig config) {
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
index 7343ab9..5fb1804 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
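Review bot: `CorsFilter.doFilter` sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pair browsers refuse for credentialed requests, and because the filter is ordered at `Ordered.HIGHEST_PRECEDENCE` it stamps the wildcard on every response, contradicting the single-origin allow-list this same patch adds in `CorsConfig`. The filter also answers every OPTIONS request itself with `POST, GET, HEAD, OPTIONS`, so a preflight for the PUT, DELETE or PATCH methods that `CorsConfig` permits never sees them and the browser will block the call. One source of truth is safer: drop this filter and let Spring's CORS processing answer preflights. If the filter stays, echo the request's `Origin` only when it is on the allow-list, e.g. `if (allowedOrigins.contains(origin)) { response.setHeader("Access-Control-Allow-Origin", origin); response.addHeader("Vary", "Origin"); }`. The class name also shadows Spring's own `CorsFilter`, which makes imports easy to confuse.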
@@ -1,27 +1,21 @@ package com.faf223.expensetrackerfaf.config; import lombok.RequiredArgsConstructor; -import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; -import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; -import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService; -import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest; -import org.springframework.security.oauth2.client.userinfo.OAuth2UserService; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; -import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.Arrays; @Configuration @EnableWebSecurity 
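Review bot: The four imports added in this hunk (`CorsConfiguration`, `CorsConfigurationSource`, `UrlBasedCorsConfigurationSource`, `java.util.Arrays`) are not used by anything this patch adds to SecurityConfiguration.java. The diffstat's six insertions for the file are these five lines plus the `.cors(...)` call in the next hunk. Either remove them or add the `CorsConfigurationSource` bean they appear to have been meant for, so the file does not carry dead imports that hint at configuration which does not exist.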
@@ -35,6 +29,7 @@ public class SecurityConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http + .cors(new CorsConfig()) .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests(auth -> auth .requestMatchers("/api/v1/auth/**").permitAll()
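Review bot: `.cors(new CorsConfig())` passes a `WebMvcConfigurer` where `HttpSecurity.cors(...)` expects a `Customizer<CorsConfigurer<HttpSecurity>>`. Going by the class declaration shown in the CorsConfig.java hunk header, `CorsConfig` does not implement that interface, so this line should not compile as written. The imports added in the previous hunk suggest a `CorsConfigurationSource` bean was intended; wiring the security chain to such a bean keeps the origin allow-list in one place and lets the framework answer preflights before authentication. The origin, methods and headers below are the ones already on this page; `securityFilterChain` continues past the end of this hunk.

```java
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                // … unchanged: csrf, authorizeHttpRequests and the rest of the chain …

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Explicit allow-list; never combine a wildcard origin with credentials.
        config.setAllowedOrigins(Arrays.asList("http://localhost:5173"));
        config.setAllowedMethods(Arrays.asList("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH"));
        config.setAllowedHeaders(Arrays.asList("Origin", "Accept", "X-Requested-With", "Content-Type"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
```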