Skip to content

Commit

Permalink
enabling cors
Browse files Browse the repository at this point in the history
  • Loading branch information
@hardikSinghBehl
hardikSinghBehl committed Mar 14, 2024
1 parent 11558ad commit f49d6ac
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion src/main/java/com/behl/overseer/configuration/SecurityConfiguration.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
package com.behl.overseer.configuration;

import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
Expand All @@ -9,6 +11,9 @@
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import com.behl.overseer.filter.JwtAuthenticationFilter;
import com.behl.overseer.filter.RateLimitFilter;
Expand Down Expand Up @@ -47,7 +52,7 @@ public class SecurityConfiguration {
@SneakyThrows
public SecurityFilterChain configure(final HttpSecurity http) {
http
.cors(corsConfigurer -> corsConfigurer.disable())
.cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
.csrf(csrfConfigurer -> csrfConfigurer.disable())
.sessionManagement(sessionConfigurer -> sessionConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(authManager -> {
Expand All @@ -66,5 +71,17 @@ public SecurityFilterChain configure(final HttpSecurity http) {
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}

private CorsConfigurationSource corsConfigurationSource() {
final var corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedOrigins(List.of("*"));
corsConfiguration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
corsConfiguration.setAllowedHeaders(List.of("Authorization", "Origin", "Content-Type", "Accept"));
corsConfiguration.setExposedHeaders(List.of("Content-Type", "X-Rate-Limit-Retry-After-Seconds", "X-Rate-Limit-Remaining"));

final var corsConfigurationSource = new UrlBasedCorsConfigurationSource();
corsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
return corsConfigurationSource;
}

}

0 comments on commit f49d6ac

Please sign in to comment.