From 00682d3bf8c093bcdf80daf6f0bcfae0e2057e46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20=C5=A0eda?= <441048@mail.muni.cz>
Date: Mon, 26 Aug 2019 13:13:03 +0000
Subject: [PATCH] spring bean for cors based as primary filter.

---
 .../config/ResourceServerSecurityConfig.java  | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/kypo2-security-user-and-group/src/main/java/cz/muni/ics/kypo/userandgroup/security/config/ResourceServerSecurityConfig.java b/kypo2-security-user-and-group/src/main/java/cz/muni/ics/kypo/userandgroup/security/config/ResourceServerSecurityConfig.java
index 8faea002..b08d1fbf 100644
--- a/kypo2-security-user-and-group/src/main/java/cz/muni/ics/kypo/userandgroup/security/config/ResourceServerSecurityConfig.java
+++ b/kypo2-security-user-and-group/src/main/java/cz/muni/ics/kypo/userandgroup/security/config/ResourceServerSecurityConfig.java
@@ -11,10 +11,9 @@ import org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationSe
 import org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.*;
+import org.springframework.core.Ordered;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -26,6 +25,7 @@ import org.springframework.security.web.session.HttpSessionEventPublisher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 
 import java.util.*;
 import java.util.stream.Collectors;
@@ -58,14 +58,17 @@ public class ResourceServerSecurityConfig extends ResourceServerConfigurerAdapte
     private CustomAuthorityGranter customAuthorityGranter;
 
     @Bean
+    @Primary
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(Arrays.asList(corsAllowedOrigins));
-        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
-        configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
-        configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
+        configuration.setAllowedOrigins(List.of(corsAllowedOrigins));
+        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        configuration.setAllowedHeaders(List.of("authorization", "content-type", "x-auth-token"));
+        configuration.setExposedHeaders(List.of("x-auth-token"));
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);
+        FilterRegistrationBean corsFilter = new FilterRegistrationBean(new CorsFilter(source));
+        corsFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
         return source;
     }
 
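Review bot: The `FilterRegistrationBean` built at the end of `corsConfigurationSource()` is a local variable that is never returned or exposed as a bean, so `setOrder(Ordered.HIGHEST_PRECEDENCE)` has no effect and these two lines register no `CorsFilter`. CORS handling therefore still depends on the `HttpSecurity` configuration outside this hunk, and preflight `OPTIONS` requests, which carry no `Authorization` header, may still reach the token checks before any CORS processing. Move the registration into its own `@Bean` method that receives the `CorsConfigurationSource` and returns the registration, as sketched below. It is typed `FilterRegistrationBean<CorsFilter>` instead of the raw type, assuming the Spring Boot version in use has the generic form. Separately, `List.of(corsAllowedOrigins)` rejects null elements where `Arrays.asList` did not, and the field's declaration is outside the hunk, so confirm that the injected value can never be null.

```java
    // … unchanged: corsConfigurationSource() builds and returns `source`, minus the two corsFilter lines …

    @Bean
    public FilterRegistrationBean<CorsFilter> corsFilterRegistration(CorsConfigurationSource corsConfigurationSource) {
        FilterRegistrationBean<CorsFilter> registration =
                new FilterRegistrationBean<>(new CorsFilter(corsConfigurationSource));
        // Run ahead of the security filter chain so preflight requests are answered before token checks.
        registration.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return registration;
    }
```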
-- 
GitLab