mindol1004/spring-boot-webflux-jjwt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update CORS and permit OPTION Method

Browse Source
This commit is contained in:
ard333
2018-05-17 12:39:37 +07:00
parent f4b5f8b1f7
commit bc38b5194c
2 changed files with 12 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/main/java/id/web/ard/springbootwebfluxjjwt/security/CORSFilter.java
View File

@@ -4,32 +4,21 @@
*/ */
package id.web.ard.springbootwebfluxjjwt.security; package id.web.ard.springbootwebfluxjjwt.security;
import org.springframework.stereotype.Component; import org.springframework.context.annotation.Configuration;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.reactive.config.CorsRegistry;
import org.springframework.web.server.WebFilter; import org.springframework.web.reactive.config.EnableWebFlux;
import org.springframework.web.server.WebFilterChain; import org.springframework.web.reactive.config.WebFluxConfigurer;
import reactor.core.publisher.Mono;
/** /**
* *
* @author ardiansyah * @author ardiansyah
*/ */
@Component @Configuration
public class CORSFilter implements WebFilter{ @EnableWebFlux
public class CORSFilter implements WebFluxConfigurer {
@Override @Override
public Mono<Void> filter(ServerWebExchange swe, WebFilterChain wfc) { public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowedMethods("*").allowedHeaders("*");
//CORS
swe.getResponse().getHeaders().add("Access-Control-Allow-Origin", "*");
if (swe.getRequest().getHeaders().get("Access-Control-Request-Method") != null && "OPTIONS".equalsIgnoreCase(swe.getRequest().getMethod().toString())) {
swe.getResponse().getHeaders().add("Access-Control-Allow-Headers", "Authorization");
swe.getResponse().getHeaders().add("Access-Control-Allow-Headers", "Content-Type");
swe.getResponse().getHeaders().add("Access-Control-Max-Age", "1");
swe.getResponse().getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
}
return wfc.filter(swe);
} }
}
}

4
src/main/java/id/web/ard/springbootwebfluxjjwt/security/WebSecurityConfig.java
View File

@@ -2,9 +2,9 @@ package id.web.ard.springbootwebfluxjjwt.security;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain;
@@ -29,8 +29,8 @@ public class WebSecurityConfig {
.httpBasic().disable() .httpBasic().disable()
.authenticationManager(authenticationManager) .authenticationManager(authenticationManager)
.securityContextRepository(securityContextRepository) .securityContextRepository(securityContextRepository)
//.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.HTTP_BASIC)
.authorizeExchange() .authorizeExchange()
.pathMatchers(HttpMethod.OPTIONS).permitAll()
.pathMatchers("/auth").permitAll() .pathMatchers("/auth").permitAll()
.anyExchange().authenticated() .anyExchange().authenticated()
.and().build(); .and().build();