changed cors configuration bean definition to be reusable under different routes (#1272)

Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>

Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
This commit is contained in:
Bondar Bogdan
2022-08-19 09:12:22 +02:00
committed by GitHub
parent a8ab467ac5
commit ccb5fa3b3f

View File

@@ -103,8 +103,6 @@ import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils; import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.vaadin.spring.http.HttpService; import org.vaadin.spring.http.HttpService;
import org.vaadin.spring.security.annotation.EnableVaadinSharedSecurity; import org.vaadin.spring.security.annotation.EnableVaadinSharedSecurity;
import org.vaadin.spring.security.config.VaadinSharedSecurityConfiguration; import org.vaadin.spring.security.config.VaadinSharedSecurityConfiguration;
@@ -455,8 +453,8 @@ public class SecurityManagedConfiguration {
http.csrf().disable(); http.csrf().disable();
http.anonymous().disable(); http.anonymous().disable();
http.antMatcher("/**/downloadId/**") http.antMatcher("/**/downloadId/**").addFilterBefore(downloadIdAuthenticationFilter,
.addFilterBefore(downloadIdAuthenticationFilter, FilterSecurityInterceptor.class); FilterSecurityInterceptor.class);
http.authorizeRequests().anyRequest().authenticated().and().sessionManagement() http.authorizeRequests().anyRequest().authenticated().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS); .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
} }
@@ -525,7 +523,7 @@ public class SecurityManagedConfiguration {
.disable(); .disable();
if (securityProperties.getCors().isEnabled()) { if (securityProperties.getCors().isEnabled()) {
httpSec = httpSec.cors().and(); httpSec = httpSec.cors().configurationSource(reuest -> corsConfiguration()).and();
} }
if (securityProperties.isRequireSsl()) { if (securityProperties.isRequireSsl()) {
@@ -585,18 +583,15 @@ public class SecurityManagedConfiguration {
@Bean @Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false) @ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
CorsConfigurationSource corsConfigurationSource() { CorsConfiguration corsConfiguration() {
final CorsConfiguration restCorsConfiguration = new CorsConfiguration(); final CorsConfiguration corsConfiguration = new CorsConfiguration();
restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins()); corsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
restCorsConfiguration.setAllowCredentials(true); corsConfiguration.setAllowCredentials(true);
restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders()); corsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods()); corsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); return corsConfiguration;
source.registerCorsConfiguration("/rest/**", restCorsConfiguration);
return source;
} }
} }