andifalk · andifalk · Nov 22, 2019 · Nov 19, 2019 · Nov 19, 2019 · Nov 19, 2019
diff --git a/...e-automatic/src/main/java/com/example/library/server/config/WebSecurityConfiguration.java b/...e-automatic/src/main/java/com/example/library/server/config/WebSecurityConfiguration.java
@@ -1,20 +1,23 @@
 package com.example.library.server.config;
 
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
 
   @Override
   protected void configure(HttpSecurity http) throws Exception {
     http.sessionManagement()
         .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-        .and()
+        .and().cors().and()
         .csrf()
         .disable()
         .authorizeRequests()
@@ -24,4 +27,9 @@ protected void configure(HttpSecurity http) throws Exception {
         .oauth2ResourceServer()
         .jwt();
   }
+
+  @Override
+  public void addCorsMappings(CorsRegistry registry) {
+    registry.addMapping("/**");
+  }
 }
diff --git a/...lete-custom/src/main/java/com/example/library/server/config/WebSecurityConfiguration.java b/...lete-custom/src/main/java/com/example/library/server/config/WebSecurityConfiguration.java
@@ -8,6 +8,7 @@
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -18,64 +19,82 @@
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtValidators;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.Arrays;
 
 @Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
-  private final OAuth2ResourceServerProperties oAuth2ResourceServerProperties;
+    private final OAuth2ResourceServerProperties oAuth2ResourceServerProperties;
+
+    private final LibraryUserDetailsService libraryUserDetailsService;
 
-  private final LibraryUserDetailsService libraryUserDetailsService;
+    @Autowired
+    public WebSecurityConfiguration(
+            OAuth2ResourceServerProperties oAuth2ResourceServerProperties,
+            LibraryUserDetailsService libraryUserDetailsService) {
+        this.oAuth2ResourceServerProperties = oAuth2ResourceServerProperties;
+        this.libraryUserDetailsService = libraryUserDetailsService;
+    }
 
-  @Autowired
-  public WebSecurityConfiguration(
-      OAuth2ResourceServerProperties oAuth2ResourceServerProperties,
-      LibraryUserDetailsService libraryUserDetailsService) {
-    this.oAuth2ResourceServerProperties = oAuth2ResourceServerProperties;
-    this.libraryUserDetailsService = libraryUserDetailsService;
-  }
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .cors(Customizer.withDefaults())
+                .csrf()
+                .disable()
+                .authorizeRequests()
+                .anyRequest()
+                .fullyAuthenticated()
+                .and()
+                .oauth2ResourceServer()
+                .jwt()
+                .jwtAuthenticationConverter(libraryUserJwtAuthenticationConverter());
+    }
 
-  @Override
-  protected void configure(HttpSecurity http) throws Exception {
-    http.sessionManagement()
-        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-        .and()
-        .csrf()
-        .disable()
-        .authorizeRequests()
-        .anyRequest()
-        .fullyAuthenticated()
-        .and()
-        .oauth2ResourceServer()
-        .jwt()
-        .jwtAuthenticationConverter(libraryUserJwtAuthenticationConverter());
-  }
+    @Bean
+    JwtDecoder jwtDecoder() {
+        NimbusJwtDecoder jwtDecoder =
+                NimbusJwtDecoder.withJwkSetUri(oAuth2ResourceServerProperties.getJwt().getJwkSetUri())
+                        .build();
 
-  @Bean
-  JwtDecoder jwtDecoder() {
-    NimbusJwtDecoder jwtDecoder =
-        NimbusJwtDecoder.withJwkSetUri(oAuth2ResourceServerProperties.getJwt().getJwkSetUri())
-            .build();
+        OAuth2TokenValidator<Jwt> audienceValidator = new AudienceValidator();
+        OAuth2TokenValidator<Jwt> withIssuer =
+                JwtValidators.createDefaultWithIssuer(
+                        oAuth2ResourceServerProperties.getJwt().getIssuerUri());
+        OAuth2TokenValidator<Jwt> withAudience =
+                new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator);
 
-    OAuth2TokenValidator<Jwt> audienceValidator = new AudienceValidator();
-    OAuth2TokenValidator<Jwt> withIssuer =
-        JwtValidators.createDefaultWithIssuer(
-            oAuth2ResourceServerProperties.getJwt().getIssuerUri());
-    OAuth2TokenValidator<Jwt> withAudience =
-        new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator);
+        jwtDecoder.setJwtValidator(withAudience);
 
-    jwtDecoder.setJwtValidator(withAudience);
+        return jwtDecoder;
+    }
 
-    return jwtDecoder;
-  }
+    @Bean
+    LibraryUserJwtAuthenticationConverter libraryUserJwtAuthenticationConverter() {
+        return new LibraryUserJwtAuthenticationConverter(libraryUserDetailsService);
+    }
 
-  @Bean
-  LibraryUserJwtAuthenticationConverter libraryUserJwtAuthenticationConverter() {
-    return new LibraryUserJwtAuthenticationConverter(libraryUserDetailsService);
-  }
+    @Bean
+    LibraryUserRolesJwtAuthenticationConverter libraryUserRolesJwtAuthenticationConverter() {
+        return new LibraryUserRolesJwtAuthenticationConverter(libraryUserDetailsService);
+    }
 
-  @Bean
-  LibraryUserRolesJwtAuthenticationConverter libraryUserRolesJwtAuthenticationConverter() {
-    return new LibraryUserRolesJwtAuthenticationConverter(libraryUserDetailsService);
-  }
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("https://localhost:4200", "http://localhost:4200"));
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }