diff --git a/kypo2-security-user-and-group/src/main/java/cz/muni/ics/kypo/userandgroup/security/config/ResourceServerSecurityConfig.java b/kypo2-security-user-and-group/src/main/java/cz/muni/ics/kypo/userandgroup/security/config/ResourceServerSecurityConfig.java
index 8faea0021a6a2350d7088db0318ec761a391e472..b08d1fbfd395a56e89c80b3a0c617fd4fc1755ef 100644
--- a/kypo2-security-user-and-group/src/main/java/cz/muni/ics/kypo/userandgroup/security/config/ResourceServerSecurityConfig.java
+++ b/kypo2-security-user-and-group/src/main/java/cz/muni/ics/kypo/userandgroup/security/config/ResourceServerSecurityConfig.java
@@ -11,10 +11,9 @@ import org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationSe
 import org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.*;
+import org.springframework.core.Ordered;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -26,6 +25,7 @@ import org.springframework.security.web.session.HttpSessionEventPublisher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 import java.util.*;
 import java.util.stream.Collectors;
@@ -58,14 +58,17 @@ public class ResourceServerSecurityConfig extends ResourceServerConfigurerAdapte
 private CustomAuthorityGranter customAuthorityGranter;
 @Bean
+ @Primary
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration configuration = new CorsConfiguration();
- configuration.setAllowedOrigins(Arrays.asList(corsAllowedOrigins));
- configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
- configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
- configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
+ configuration.setAllowedOrigins(List.of(corsAllowedOrigins));
+ configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+ configuration.setAllowedHeaders(List.of("authorization", "content-type", "x-auth-token"));
+ configuration.setExposedHeaders(List.of("x-auth-token"));
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", configuration);
+ FilterRegistrationBean corsFilter = new FilterRegistrationBean(new CorsFilter(source));
+ corsFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
 return source;
 }
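Review bot: The `FilterRegistrationBean` created at the end of `corsConfigurationSource()` is a local variable that is never returned or exposed as a bean, so the container never registers it and `corsFilter.setOrder(Ordered.HIGHEST_PRECEDENCE)` has no effect; the method still hands back only `source`. If the intent is for CORS handling (including preflight `OPTIONS` requests, which arrive without an `authorization` header) to run ahead of the token-checking filter chain, the registration needs its own `@Bean` method, typed as `FilterRegistrationBean<CorsFilter>` instead of the raw type. The bean method name in the sketch below is only a suggestion, and the rest of the class lies outside this hunk, so check that no other `CorsFilter` registration already exists before adding one.

```java
    // … unchanged: CorsConfiguration setup and source.registerCorsConfiguration("/**", configuration) …
    return source;
}

@Bean
public FilterRegistrationBean<CorsFilter> corsFilterRegistration(CorsConfigurationSource corsConfigurationSource) {
    FilterRegistrationBean<CorsFilter> registration =
            new FilterRegistrationBean<>(new CorsFilter(corsConfigurationSource));
    // Run before the security filter chain so preflight requests are answered with CORS headers.
    registration.setOrder(Ordered.HIGHEST_PRECEDENCE);
    return registration;
}
```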