Temporarily removed CORS config

Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
This commit is contained in:
Dominic Schabel
2020-01-14 13:06:36 +01:00
parent 8d3ba68be9
commit 38017ba7bc

View File

@@ -84,11 +84,7 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationEn
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.session.HttpSessionEventPublisher; import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.session.SessionManagementFilter; import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.vaadin.spring.security.VaadinSecurityContext; import org.vaadin.spring.security.VaadinSecurityContext;
import org.vaadin.spring.security.annotation.EnableVaadinSecurity; import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
import org.vaadin.spring.security.web.VaadinRedirectStrategy; import org.vaadin.spring.security.web.VaadinRedirectStrategy;
@@ -454,7 +450,6 @@ public class SecurityManagedConfiguration {
* Security configuration for the REST management API. * Security configuration for the REST management API.
*/ */
@Configuration @Configuration
@EnableWebSecurity
@Order(350) @Order(350)
@ConditionalOnClass(MgmtApiConfiguration.class) @ConditionalOnClass(MgmtApiConfiguration.class)
public static class RestSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { public static class RestSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@@ -501,11 +496,6 @@ public class SecurityManagedConfiguration {
basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm()); basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm());
HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable(); HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
if (securityProperties.getCors().isEnabled()) {
httpSec = httpSec.cors().and();
}
if (securityProperties.isRequireSsl()) { if (securityProperties.isRequireSsl()) {
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and(); httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
} }
@@ -537,22 +527,6 @@ public class SecurityManagedConfiguration {
httpSec.anonymous().disable(); httpSec.anonymous().disable();
httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
} }
@Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration restCorsConfiguration = new CorsConfiguration();
restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
restCorsConfiguration.setAllowCredentials(true);
restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/rest/**", restCorsConfiguration);
return source;
}
} }
/** /**