changed cors configuration bean definition to be reusable under different routes (#1272)

Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
2022-08-19 09:12:22 +02:00
parent a8ab467ac5
commit ccb5fa3b3f
1 changed files with 10 additions and 15 deletions
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
@@ -103,8 +103,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.vaadin.spring.http.HttpService;
 import org.vaadin.spring.security.annotation.EnableVaadinSharedSecurity;
 import org.vaadin.spring.security.config.VaadinSharedSecurityConfiguration;
@@ -455,8 +453,8 @@ public class SecurityManagedConfiguration {
            http.csrf().disable();
            http.anonymous().disable();

-            http.antMatcher("/**/downloadId/**")
-                    .addFilterBefore(downloadIdAuthenticationFilter, FilterSecurityInterceptor.class);
+            http.antMatcher("/**/downloadId/**").addFilterBefore(downloadIdAuthenticationFilter,
+                    FilterSecurityInterceptor.class);
            http.authorizeRequests().anyRequest().authenticated().and().sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }
@@ -525,7 +523,7 @@ public class SecurityManagedConfiguration {
                    .disable();

            if (securityProperties.getCors().isEnabled()) {
-                httpSec = httpSec.cors().and();
+                httpSec = httpSec.cors().configurationSource(reuest -> corsConfiguration()).and();
            }

            if (securityProperties.isRequireSsl()) {
@@ -585,18 +583,15 @@ public class SecurityManagedConfiguration {

        @Bean
        @ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
-        CorsConfigurationSource corsConfigurationSource() {
-            final CorsConfiguration restCorsConfiguration = new CorsConfiguration();
+        CorsConfiguration corsConfiguration() {
+            final CorsConfiguration corsConfiguration = new CorsConfiguration();

-            restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
-            restCorsConfiguration.setAllowCredentials(true);
-            restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
-            restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
+            corsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
+            corsConfiguration.setAllowCredentials(true);
+            corsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
+            corsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());

-            final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-            source.registerCorsConfiguration("/rest/**", restCorsConfiguration);
-
-            return source;
+            return corsConfiguration;
        }
    }