|
|
@@ -15,6 +15,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|
|
+import org.springframework.web.cors.CorsConfiguration;
|
|
|
+import org.springframework.web.cors.reactive.CorsConfigurationSource;
|
|
|
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
|
|
|
+
|
|
|
+import java.util.Arrays;
|
|
|
|
|
|
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
|
|
|
|
|
|
@@ -28,7 +33,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
|
|
@Override
|
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
|
- http.csrf().disable();
|
|
|
+ http.csrf().disable().csrf();
|
|
|
http.sessionManagement().sessionCreationPolicy(STATELESS);
|
|
|
http.authorizeRequests().antMatchers("/api/v*/registration/**", "/api/v*/users/token/refresh/**").permitAll();
|
|
|
http.authorizeRequests().antMatchers("/api/v*/**").hasAnyAuthority("USER");
|
|
|
@@ -36,6 +41,16 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
|
|
|
}
|
|
|
|
|
|
+ @Bean
|
|
|
+ CorsConfigurationSource corsConfigurationSource() {
|
|
|
+ CorsConfiguration configuration = new CorsConfiguration();
|
|
|
+ configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
|
|
|
+ configuration.setAllowedMethods(Arrays.asList("GET","POST"));
|
|
|
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
|
|
+ source.registerCorsConfiguration("/**", configuration);
|
|
|
+ return source;
|
|
|
+ }
|
|
|
+
|
|
|
@Bean
|
|
|
@Override
|
|
|
public AuthenticationManager authenticationManagerBean() throws Exception {
|
|
|
@@ -43,7 +58,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
}
|
|
|
|
|
|
@Override
|
|
|
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
|
+ protected void configure(AuthenticationManagerBuilder auth){
|
|
|
auth.authenticationProvider(daoAuthenticationProvider());
|
|
|
}
|
|
|
@Bean
|
Blazej