changed cors configuration bean definition to be reusable under different routes (#1272)
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
This commit is contained in:
@@ -103,8 +103,6 @@ import org.springframework.util.Assert;
|
|||||||
import org.springframework.util.CollectionUtils;
|
import org.springframework.util.CollectionUtils;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
import org.springframework.web.cors.CorsConfiguration;
|
import org.springframework.web.cors.CorsConfiguration;
|
||||||
import org.springframework.web.cors.CorsConfigurationSource;
|
|
||||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
|
||||||
import org.vaadin.spring.http.HttpService;
|
import org.vaadin.spring.http.HttpService;
|
||||||
import org.vaadin.spring.security.annotation.EnableVaadinSharedSecurity;
|
import org.vaadin.spring.security.annotation.EnableVaadinSharedSecurity;
|
||||||
import org.vaadin.spring.security.config.VaadinSharedSecurityConfiguration;
|
import org.vaadin.spring.security.config.VaadinSharedSecurityConfiguration;
|
||||||
@@ -455,8 +453,8 @@ public class SecurityManagedConfiguration {
|
|||||||
http.csrf().disable();
|
http.csrf().disable();
|
||||||
http.anonymous().disable();
|
http.anonymous().disable();
|
||||||
|
|
||||||
http.antMatcher("/**/downloadId/**")
|
http.antMatcher("/**/downloadId/**").addFilterBefore(downloadIdAuthenticationFilter,
|
||||||
.addFilterBefore(downloadIdAuthenticationFilter, FilterSecurityInterceptor.class);
|
FilterSecurityInterceptor.class);
|
||||||
http.authorizeRequests().anyRequest().authenticated().and().sessionManagement()
|
http.authorizeRequests().anyRequest().authenticated().and().sessionManagement()
|
||||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||||
}
|
}
|
||||||
@@ -525,7 +523,7 @@ public class SecurityManagedConfiguration {
|
|||||||
.disable();
|
.disable();
|
||||||
|
|
||||||
if (securityProperties.getCors().isEnabled()) {
|
if (securityProperties.getCors().isEnabled()) {
|
||||||
httpSec = httpSec.cors().and();
|
httpSec = httpSec.cors().configurationSource(reuest -> corsConfiguration()).and();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (securityProperties.isRequireSsl()) {
|
if (securityProperties.isRequireSsl()) {
|
||||||
@@ -585,18 +583,15 @@ public class SecurityManagedConfiguration {
|
|||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
|
@ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
|
||||||
CorsConfigurationSource corsConfigurationSource() {
|
CorsConfiguration corsConfiguration() {
|
||||||
final CorsConfiguration restCorsConfiguration = new CorsConfiguration();
|
final CorsConfiguration corsConfiguration = new CorsConfiguration();
|
||||||
|
|
||||||
restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
|
corsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
|
||||||
restCorsConfiguration.setAllowCredentials(true);
|
corsConfiguration.setAllowCredentials(true);
|
||||||
restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
|
corsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
|
||||||
restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
|
corsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
|
||||||
|
|
||||||
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
return corsConfiguration;
|
||||||
source.registerCorsConfiguration("/rest/**", restCorsConfiguration);
|
|
||||||
|
|
||||||
return source;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user