Merge pull request #58 from consiglionazionaledellericerche/26-introd…

…urre-la-configurabilità-delle-cors-tramite-properties Aggiunta CORS e relativa configurabilità.
consiglionazionaledellericerche · Nov 5, 2024 · f8905e2 · f8905e2
2 parents b68d197 + 7627e8e
commit f8905e2
Show file tree

Hide file tree

Showing 6 changed files with 130 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,7 +15,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  - API Rest per la gestione dei PersonMonths hourRecap (Riepilogo Ore)
  - API Rest per la gestione dei PersonMonths trainingHours (Ore Formazione)
  - Aggiunte drools per il funzionamento delle API Rest delle timbrature e delle ore di formazione
-
+ - Aggiunta gestione e configurabilità CORS
+
 ## [0.4.1] - 2024-07-05
 ### Added
 - API Rest per il controllo della secure.check

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -21,4 +21,5 @@ services:
       - spring.security.oauth2.resourceserver.jwt.issuer-uri=${OAUTH2_JWT_ISSUER_URI}
       - epas.security.oauth2.jwtfield=${OAUTH2_JWT_FIELD}
       - epas.security.oauth2.userAuthIdentifier=${OAUTH2_USER_AUTH_IDENTIFIER}
-
+      #- epas.cors.allowedOrigins[0]=http://localhost:300
+      #- epas.cors.allowedOrigins[1]=https://*.cnr.it
diff --git a/src/main/java/it/cnr/iit/epas/config/CorsConfig.java b/src/main/java/it/cnr/iit/epas/config/CorsConfig.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2024 Consiglio Nazionale delle Ricerche
+ *
+ *     This program is free software: you can redistribute it and/or modify
+ *     it under the terms of the GNU Affero General Public License as
+ *     published by the Free Software Foundation, either version 3 of the
+ *     License, or (at your option) any later version.
+ *
+ *     This program is distributed in the hope that it will be useful,
+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *     GNU Affero General Public License for more details.
+ *
+ *     You should have received a copy of the GNU Affero General Public License
+ *     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package it.cnr.iit.epas.config;
+
+import java.util.Arrays;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+/**
+ * Configurazione dei parametri relativi al CORS.
+ *
+ * @author Cristian Lucchesi
+ *
+ */
+@Slf4j
+@Configuration
+@RequiredArgsConstructor
+public class CorsConfig {
+
+  private final CorsSettings cors;
+
+  @Bean
+  CorsConfigurationSource corsConfigurationSource() {
+
+    CorsConfiguration configuration = new CorsConfiguration();
+
+    log.info("Cors config ={}", cors);
+    if (cors.getAllowedOrigins() != null || cors.getAllowedMethods() != null) {
+      configuration.setAllowedHeaders(Arrays.asList("*"));
+    }
+
+    if (cors.getAllowedOrigins() != null) {
+      log.info("cors.getAllowedOrigins() != null, imposto allowedOrigins = {}", 
+          cors.getAllowedOrigins().toString());
+      configuration.setAllowedOriginPatterns(Arrays.asList(cors.getAllowedOrigins()));
+    }
+
+    if (cors.getAllowedMethods() != null) {
+      configuration.setAllowedMethods(Arrays.asList(cors.getAllowedMethods()));
+    }
+
+    if (cors.getMaxAge() != null) {
+      configuration.setMaxAge(cors.getMaxAge());
+    }
+
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+
+    source.registerCorsConfiguration("/**", configuration);
+    return source;
+  }
+
+}
diff --git a/src/main/java/it/cnr/iit/epas/config/CorsSettings.java b/src/main/java/it/cnr/iit/epas/config/CorsSettings.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2024  Consiglio Nazionale delle Ricerche
+ *
+ *     This program is free software: you can redistribute it and/or modify
+ *     it under the terms of the GNU Affero General Public License as
+ *     published by the Free Software Foundation, either version 3 of the
+ *     License, or (at your option) any later version.
+ *
+ *     This program is distributed in the hope that it will be useful,
+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *     GNU Affero General Public License for more details.
+ *
+ *     You should have received a copy of the GNU Affero General Public License
+ *     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package it.cnr.iit.epas.config;
+
+import lombok.Data;
+import lombok.ToString;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+import org.springframework.validation.annotation.Validated;
+
+/**
+ * Bean per contenere i parametri relativi al CORS.
+ *
+ * @author Cristian Lucchesi
+ *
+ */
+@ToString
+@Data
+@Component
+@Validated
+@ConfigurationProperties(prefix = "epas.cors")
+public class CorsSettings {
+
+    private String[] allowedOrigins;
+
+    private String[] allowedMethods;
+
+    private Long maxAge;
+
+}
diff --git a/src/main/java/it/cnr/iit/epas/config/WebMvcConfig.java b/src/main/java/it/cnr/iit/epas/config/WebMvcConfig.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023  Consiglio Nazionale delle Ricerche
+ * Copyright (C) 2024  Consiglio Nazionale delle Ricerche
  *
  *     This program is free software: you can redistribute it and/or modify
  *     it under the terms of the GNU Affero General Public License as
@@ -14,11 +14,10 @@
  *     You should have received a copy of the GNU Affero General Public License
  *     along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
-
 package it.cnr.iit.epas.config;
 
 import it.cnr.iit.epas.security.DroolsHandler;
-import javax.inject.Inject;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.context.request.RequestContextListener;
@@ -31,12 +30,13 @@
  * @author Daniele Murgia
  * @author Cristian Lucchesi
  */
+@RequiredArgsConstructor
 @Configuration
 public class WebMvcConfig implements WebMvcConfigurer {
 
-  @Inject
-  private DroolsHandler droolsHandler;
+  private final DroolsHandler droolsHandler;
 
+
   /**
    * Automatizza la chiamata delle drools all'ingresso dei metodi dei controller. Non ha effetto sui
    * metodi annotati con la @Preauthorize.

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -14,4 +14,9 @@ spring.main.allow-circular-references=true
 springdoc.packagesToScan=it.cnr.iit.epas.controller
 
 #logging
-logging.level.it.cnr.iit.epas=INFO
+logging.level.it.cnr.iit.epas=INFO
+
+epas.cors.allowedOrigins[0]=http://localhost:3000
+epas.cors.allowedOrigins[1]=https://*.cnr.it
+epas.cors.allowedMethods[0]=*
+epas.cors.maxAge=3600