|
|
@@ -16,10 +16,12 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|
|
import org.springframework.web.cors.CorsConfiguration;
|
|
|
-import org.springframework.web.cors.reactive.CorsConfigurationSource;
|
|
|
-import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
|
|
|
+import org.springframework.web.cors.CorsConfigurationSource;
|
|
|
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
|
|
+
|
|
|
|
|
|
import java.util.Arrays;
|
|
|
+import java.util.Collections;
|
|
|
|
|
|
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
|
|
|
|
|
|
@@ -33,7 +35,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
|
|
@Override
|
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
|
- http.csrf().disable().csrf();
|
|
|
+ http.cors();
|
|
|
+ http.csrf().disable();
|
|
|
http.sessionManagement().sessionCreationPolicy(STATELESS);
|
|
|
http.authorizeRequests().antMatchers("/api/v*/registration/**", "/api/v*/users/token/refresh/**", "/api/v*/plants/no-auth").permitAll();
|
|
|
http.authorizeRequests().antMatchers("/api/v*/**").hasAnyAuthority("USER");
|
|
|
@@ -44,7 +47,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
@Bean
|
|
|
CorsConfigurationSource corsConfigurationSource() {
|
|
|
CorsConfiguration configuration = new CorsConfiguration();
|
|
|
- configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
|
|
|
+ configuration.setAllowedOrigins(Collections.singletonList("http://localhost:3000"));
|
|
|
configuration.setAllowedMethods(Arrays.asList("GET","POST"));
|
|
|
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
|
|
source.registerCorsConfiguration("/**", configuration);
|
Blazej