diff --git a/src/main/java/id/web/ard/springbootwebfluxjjwt/security/CORSFilter.java b/src/main/java/id/web/ard/springbootwebfluxjjwt/security/CORSFilter.java index cbca046..1817475 100644 --- a/src/main/java/id/web/ard/springbootwebfluxjjwt/security/CORSFilter.java +++ b/src/main/java/id/web/ard/springbootwebfluxjjwt/security/CORSFilter.java @@ -4,32 +4,21 @@ */ package id.web.ard.springbootwebfluxjjwt.security; -import org.springframework.stereotype.Component; -import org.springframework.web.server.ServerWebExchange; -import org.springframework.web.server.WebFilter; -import org.springframework.web.server.WebFilterChain; -import reactor.core.publisher.Mono; +import org.springframework.context.annotation.Configuration; +import org.springframework.web.reactive.config.CorsRegistry; +import org.springframework.web.reactive.config.EnableWebFlux; +import org.springframework.web.reactive.config.WebFluxConfigurer; /** * * @author ardiansyah */ -@Component -public class CORSFilter implements WebFilter{ +@Configuration +@EnableWebFlux +public class CORSFilter implements WebFluxConfigurer { @Override - public Mono filter(ServerWebExchange swe, WebFilterChain wfc) { - - //CORS - swe.getResponse().getHeaders().add("Access-Control-Allow-Origin", "*"); - if (swe.getRequest().getHeaders().get("Access-Control-Request-Method") != null && "OPTIONS".equalsIgnoreCase(swe.getRequest().getMethod().toString())) { - swe.getResponse().getHeaders().add("Access-Control-Allow-Headers", "Authorization"); - swe.getResponse().getHeaders().add("Access-Control-Allow-Headers", "Content-Type"); - swe.getResponse().getHeaders().add("Access-Control-Max-Age", "1"); - swe.getResponse().getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); - } - - return wfc.filter(swe); + public void addCorsMappings(CorsRegistry registry) { + registry.addMapping("/**").allowedOrigins("*").allowedMethods("*").allowedHeaders("*"); } - -} +} \ No newline at end of file diff --git a/src/main/java/id/web/ard/springbootwebfluxjjwt/security/WebSecurityConfig.java b/src/main/java/id/web/ard/springbootwebfluxjjwt/security/WebSecurityConfig.java index 6051932..097e1e9 100644 --- a/src/main/java/id/web/ard/springbootwebfluxjjwt/security/WebSecurityConfig.java +++ b/src/main/java/id/web/ard/springbootwebfluxjjwt/security/WebSecurityConfig.java @@ -2,9 +2,9 @@ package id.web.ard.springbootwebfluxjjwt.security; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; -import org.springframework.security.config.web.server.SecurityWebFiltersOrder; import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.web.server.SecurityWebFilterChain; @@ -29,8 +29,8 @@ public class WebSecurityConfig { .httpBasic().disable() .authenticationManager(authenticationManager) .securityContextRepository(securityContextRepository) - //.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.HTTP_BASIC) .authorizeExchange() + .pathMatchers(HttpMethod.OPTIONS).permitAll() .pathMatchers("/auth").permitAll() .anyExchange().authenticated() .and().build();