version 1.0.0

2021-11-05 18:25:09 +01:00 · 2021-11-05 18:25:09 +01:00 · 2a646b0ece
parent 6d4818943a
commit 2a646b0ece
2 changed files with 25 additions and 13 deletions
--- a/pom.xml
+++ b/pom.xml
@ -10,7 +10,7 @@
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>11</java.version>
-		<revision>0.5.0-SNAPSHOT</revision>
+		<revision>1.0.0</revision>
 	</properties>

 	<parent>
--- a/src/main/java/de/bstly/board/security/SecurityConfig.java
+++ b/src/main/java/de/bstly/board/security/SecurityConfig.java
@ -3,6 +3,8 @@
 */
 package de.bstly.board.security;

+import java.util.Collections;
+
 import javax.sql.DataSource;

 import org.springframework.beans.factory.annotation.Autowired;
@ -22,10 +24,14 @@ import org.springframework.security.web.authentication.rememberme.JdbcTokenRepos
 import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import com.google.common.collect.Lists;

 import de.bstly.board.businesslogic.UserManager;

-
 /**
 * The Class SecurityConfig.
 */
@ -33,29 +39,21 @@ import de.bstly.board.businesslogic.UserManager;
@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

-	
 	@Autowired
 	private UserManager localUserManager;
-	
-	
 	@Autowired
 	private OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
-	
-	
 	@Autowired
 	private DataSource dataSource;
-	
-	
 	@Value("${loginUrl:/login}")
 	private String loginUrl;
-	
-	
 	@Value("${loginTargetUrl:/}")
 	private String loginTargetUrl;

-
 	/*
-	 * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)
+	 * @see org.springframework.security.config.annotation.web.configuration.
+	 * WebSecurityConfigurerAdapter#configure(org.springframework.security.config.
+	 * annotation.web.builders.HttpSecurity)
 	 */
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
@ -66,6 +64,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		http
 				// crsf
 				.csrf().disable()
+				// cors
+				// .cors().configurationSource(corsConfigurationSource()).and()
 				// anonymous
 				.anonymous().disable()
 				// login
@ -126,4 +126,16 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		return rememberMeServices;
 	}

+	@Bean
+	public CorsConfigurationSource corsConfigurationSource() {
+		CorsConfiguration configuration = new CorsConfiguration();
+		configuration.setAllowedOriginPatterns(Lists.newArrayList("localhost", "http://localhost",
+				"http://localhost:4200", "https://board.bstly.lh8.de"));
+		configuration.setAllowedMethods(Collections.singletonList("*"));
+		configuration.setAllowCredentials(true);
+		configuration.setAllowedHeaders(Collections.singletonList("*"));
+		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+		source.registerCorsConfiguration("/**", configuration);
+		return source;
+	}
 }