Temporarily removed CORS config
Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
This commit is contained in:
@@ -84,11 +84,7 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationEn
|
|||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||||
import org.springframework.security.web.session.HttpSessionEventPublisher;
|
import org.springframework.security.web.session.HttpSessionEventPublisher;
|
||||||
import org.springframework.security.web.session.SessionManagementFilter;
|
import org.springframework.security.web.session.SessionManagementFilter;
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
import org.springframework.web.cors.CorsConfiguration;
|
|
||||||
import org.springframework.web.cors.CorsConfigurationSource;
|
|
||||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
|
||||||
import org.vaadin.spring.security.VaadinSecurityContext;
|
import org.vaadin.spring.security.VaadinSecurityContext;
|
||||||
import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
|
import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
|
||||||
import org.vaadin.spring.security.web.VaadinRedirectStrategy;
|
import org.vaadin.spring.security.web.VaadinRedirectStrategy;
|
||||||
@@ -454,7 +450,6 @@ public class SecurityManagedConfiguration {
|
|||||||
* Security configuration for the REST management API.
|
* Security configuration for the REST management API.
|
||||||
*/
|
*/
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
|
||||||
@Order(350)
|
@Order(350)
|
||||||
@ConditionalOnClass(MgmtApiConfiguration.class)
|
@ConditionalOnClass(MgmtApiConfiguration.class)
|
||||||
public static class RestSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
|
public static class RestSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
|
||||||
@@ -501,11 +496,6 @@ public class SecurityManagedConfiguration {
|
|||||||
basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm());
|
basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm());
|
||||||
|
|
||||||
HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
|
HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
|
||||||
|
|
||||||
if (securityProperties.getCors().isEnabled()) {
|
|
||||||
httpSec = httpSec.cors().and();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (securityProperties.isRequireSsl()) {
|
if (securityProperties.isRequireSsl()) {
|
||||||
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
|
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
|
||||||
}
|
}
|
||||||
@@ -537,22 +527,6 @@ public class SecurityManagedConfiguration {
|
|||||||
httpSec.anonymous().disable();
|
httpSec.anonymous().disable();
|
||||||
httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
|
||||||
@ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
|
|
||||||
CorsConfigurationSource corsConfigurationSource() {
|
|
||||||
final CorsConfiguration restCorsConfiguration = new CorsConfiguration();
|
|
||||||
|
|
||||||
restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
|
|
||||||
restCorsConfiguration.setAllowCredentials(true);
|
|
||||||
restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
|
|
||||||
restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
|
|
||||||
|
|
||||||
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
|
||||||
source.registerCorsConfiguration("/rest/**", restCorsConfiguration);
|
|
||||||
|
|
||||||
return source;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user