mindol1004/spring-boot-webflux-jjwt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update CORS and permit OPTION Method

Browse Source
This commit is contained in:
ard333
2018-05-17 12:39:37 +07:00
parent f4b5f8b1f7
commit bc38b5194c
2 changed files with 12 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/main/java/id/web/ard/springbootwebfluxjjwt/security/CORSFilter.java
View File

@@ -4,32 +4,21 @@
*/
package id.web.ard.springbootwebfluxjjwt.security;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.reactive.config.CorsRegistry;
import org.springframework.web.reactive.config.EnableWebFlux;
import org.springframework.web.reactive.config.WebFluxConfigurer;
/**
*
* @author ardiansyah
*/
@Component
public class CORSFilter implements WebFilter{
@Configuration
@EnableWebFlux
public class CORSFilter implements WebFluxConfigurer {
@Override
public Mono<Void> filter(ServerWebExchange swe, WebFilterChain wfc) {
//CORS
swe.getResponse().getHeaders().add("Access-Control-Allow-Origin", "*");
if (swe.getRequest().getHeaders().get("Access-Control-Request-Method") != null && "OPTIONS".equalsIgnoreCase(swe.getRequest().getMethod().toString())) {
swe.getResponse().getHeaders().add("Access-Control-Allow-Headers", "Authorization");
swe.getResponse().getHeaders().add("Access-Control-Allow-Headers", "Content-Type");
swe.getResponse().getHeaders().add("Access-Control-Max-Age", "1");
swe.getResponse().getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
}
return wfc.filter(swe);
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowedMethods("*").allowedHeaders("*");
}
}
}

4
src/main/java/id/web/ard/springbootwebfluxjjwt/security/WebSecurityConfig.java
View File

@@ -2,9 +2,9 @@ package id.web.ard.springbootwebfluxjjwt.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
@@ -29,8 +29,8 @@ public class WebSecurityConfig {
.httpBasic().disable()
.authenticationManager(authenticationManager)
.securityContextRepository(securityContextRepository)
//.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.HTTP_BASIC)
.authorizeExchange()
.pathMatchers(HttpMethod.OPTIONS).permitAll()
.pathMatchers("/auth").permitAll()
.anyExchange().authenticated()
.and().build();