
Commit d00575b

committed
fix cors support
1 parent f75761a commit d00575b


3 files changed

+42
-26
lines changed

3 files changed

+42
-26
lines changed

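--- a/src/main/java/com/myapp/auth/SecurityConfig.java
+++ b/src/main/java/com/myapp/auth/SecurityConfig.java
@@ -14,21 +14,26 @@
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.filter.CorsFilter;
 
 @Configuration
 @EnableWebSecurity
 @Order(1)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-final private UserService userService;
+private final UserService userService;
 
-final private TokenAuthenticationService tokenAuthenticationService;
+private final TokenAuthenticationService tokenAuthenticationService;
+private final CorsFilter corsFilter;
 
 @Autowired
-public SecurityConfig(UserService userService, TokenAuthenticationService tokenAuthenticationService) {
+public SecurityConfig(UserService userService,
+TokenAuthenticationService tokenAuthenticationService,
+CorsFilter corsFilter) {
 super(true);
 this.userService = userService;
 this.tokenAuthenticationService = tokenAuthenticationService;
+this.corsFilter = corsFilter;
 }
 
 @Override
@@ -47,11 +52,15 @@ protected void configure(HttpSecurity http) throws Exception {
 .antMatchers(HttpMethod.GET, "/api/users").hasRole("USER")
 .antMatchers(HttpMethod.GET, "/api/users/me").hasRole("USER")
 .antMatchers(HttpMethod.GET, "/api/users/me/microposts").hasRole("USER")
-.antMatchers("/api/microposts/**").hasRole("USER")
-.antMatchers("/api/relationships/**").hasRole("USER")
-.antMatchers("/api/feed").hasRole("USER")
+.antMatchers(HttpMethod.POST, "/api/microposts/**").hasRole("USER")
+.antMatchers(HttpMethod.DELETE, "/api/microposts/**").hasRole("USER")
+.antMatchers(HttpMethod.POST, "/api/relationships/**").hasRole("USER")
+.antMatchers(HttpMethod.DELETE, "/api/relationships/**").hasRole("USER")
+.antMatchers(HttpMethod.GET, "/api/feed").hasRole("USER")
+.antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll()
 ;
 
+http.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class);
 http.addFilterBefore(
 new StatelessLoginFilter(
 "/api/login",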
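Review bot: Narrowing the `/api/microposts/**` and `/api/relationships/**` matchers to POST and DELETE leaves GET, PUT and PATCH on those paths, and every non-GET method on `/api/feed`, covered by no rule visible in this hunk. By default Spring Security lets through a request that matches no `authorizeRequests` rule, so unless the part of `configure` outside the hunk has a catch-all, those requests now skip the role check, and the new CORS config explicitly allows PUT and PATCH. The preflight only needs the OPTIONS rule, so it can go first and the method-agnostic rules can stay: `.antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll()` followed by `.antMatchers("/api/microposts/**").hasRole("USER")` and the same for relationships and feed. Ending the chain with `.anyRequest().authenticated()` would make the default deny-by-default. `configure` begins before and continues past this hunk, so the full chain should be checked.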

src/main/java/com/myapp/config/CORSConfig.java

Lines changed: 0 additions & 20 deletions
This file was deleted.
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
package com.myapp.config;
2+
3+
import org.springframework.context.annotation.Bean;
4+
import org.springframework.context.annotation.Configuration;
5+
import org.springframework.web.cors.CorsConfiguration;
6+
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
7+
import org.springframework.web.filter.CorsFilter;
8+
9+
import static java.util.Arrays.asList;
10+
11+
@Configuration
12+
public class CorsConfig {
13+
14+
@Bean
15+
public CorsFilter corsFilter() {
16+
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
17+
CorsConfiguration config = new CorsConfiguration();
18+
config.addAllowedOrigin("*");
19+
config.setAllowedMethods(asList("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"));
20+
config.setAllowedHeaders(asList("x-auth-token", "content-type"));
21+
config.addExposedHeader("x-auth-token");
22+
config.setMaxAge(864000L);
23+
source.registerCorsConfiguration("/api/**", config);
24+
return new CorsFilter(source);
25+
}
26+
27+
}
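Review bot: `config.addAllowedOrigin("*")` on `/api/**`, together with `x-auth-token` as both an allowed and an exposed header, lets script on any origin read the token header from API responses and send token-bearing requests, so the browser's same-origin policy no longer protects this API. Restrict origins to the front-ends that actually consume the API, loaded from configuration, e.g. `config.setAllowedOrigins(allowedOrigins);` where `allowedOrigins` is a placeholder for an injected list. `setMaxAge(864000L)` asks browsers to cache the preflight result for ten days, which delays any later tightening of this policy for clients that honour it; a value in the range of minutes to an hour is easier to roll back. A short Javadoc on `corsFilter()` naming the intended consumers would help the next reviewer judge the allowed methods and headers.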
