From aa24694ee7f87d2e9a31f230845d21590c1330b5 Mon Sep 17 00:00:00 2001
From: Lena Sotnik
Date: Sat, 17 Feb 2024 08:45:52 +0200
Subject: [PATCH] Commit with securityConfig update
---
 .../java/greencity/config/SecurityConfig.java | 31 +++++++------------
 1 file changed, 11 insertions(+), 20 deletions(-)
diff --git a/core/src/main/java/greencity/config/SecurityConfig.java b/core/src/main/java/greencity/config/SecurityConfig.java
index f836277f4f..9a5aa931ae 100644
--- a/core/src/main/java/greencity/config/SecurityConfig.java
+++ b/core/src/main/java/greencity/config/SecurityConfig.java
@@ -16,7 +16,6 @@
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -87,13 +86,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti CorsConfiguration config = new CorsConfiguration(); config.setAllowedOrigins(Collections.singletonList("http://localhost:4200")); config.setAllowedOrigins(Collections.singletonList("http://localhost:4205")); + config.setAllowedOrigins(Collections.singletonList("*")); config.setAllowedMethods( Arrays.asList("GET", "POST", "OPTIONS", "DELETE", "PUT", "PATCH")); config.setAllowedHeaders( Arrays.asList("Access-Control-Allow-Origin", "Access-Control-Allow-Headers", "X-Requested-With", "Origin", "Content-Type", "Accept", "Authorization")); - config.setAllowCredentials(true); config.setAllowedHeaders(Collections.singletonList("*")); + config.setAllowCredentials(true); config.setMaxAge(3600L); return config; })) @@ -105,9 +105,18 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .sendError(SC_UNAUTHORIZED, "Authorize first.")) .accessDeniedHandler((req, resp, exc) -> resp.sendError(SC_FORBIDDEN, "You don't have authorities."))) .authorizeHttpRequests(req -> req + .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() .requestMatchers("/", "/management/", "/management/login").permitAll() .requestMatchers("/management/**") .hasAnyRole(ADMIN) + .requestMatchers("/v2/api-docs/**", + "/v3/api-docs/**", + "/swagger.json", + "/swagger-ui.html", + "/swagger-ui/**", + "/swagger-resources/**", + "/webjars/**") + .permitAll() .requestMatchers("/css/**", "/img/**") .permitAll() 
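Review bot: The added `config.setAllowedOrigins(Collections.singletonList("*"))` replaces both localhost origins, because `setAllowedOrigins` is a setter and the last call wins, so the effective policy is a wildcard origin together with `setAllowCredentials(true)`. Recent Spring Framework versions reject that pair in `CorsConfiguration.validateAllowCredentials()` with an `IllegalArgumentException`, so cross-origin requests are likely to fail at runtime; on versions without that check the pair would allow credentialed requests from any origin. I would keep an explicit list in a single call, `config.setAllowedOrigins(Arrays.asList("http://localhost:4200", "http://localhost:4205"));`, ideally read from per-environment configuration. The enclosing `securityFilterChain` method starts and ends outside this hunk.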
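Review bot: The new first rule `.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()` lets unauthenticated OPTIONS requests through to every path, including `/management/**`, and it looks redundant if CORS is enabled through `http.cors(...)` as the previous hunk suggests, since preflight requests are then answered by the CORS filter before authorization runs. I would drop the rule, or keep it with a comment stating why it is needed, e.g. `// preflight only: CORS filter does not cover <reason>`. The Swagger and api-docs matchers are now `permitAll()` in every environment; if that is intended, a comment such as `// API docs are intentionally public; restrict to ADMIN outside dev` would make the decision visible. The `authorizeHttpRequests` lambda continues outside the hunk.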
@@ -385,24 +394,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti return http.build(); } - /** - * Method for configure matchers that will be ignored in security. - * - * @return {@link WebSecurityCustomizer} - */ - @Bean - public WebSecurityCustomizer webSecurityCustomizer() { - return web -> { - web.ignoring().requestMatchers("/v2/api-docs/**"); - web.ignoring().requestMatchers("/v3/api-docs/**"); - web.ignoring().requestMatchers("/swagger.json"); - web.ignoring().requestMatchers("/swagger-ui.html"); - web.ignoring().requestMatchers("/swagger-resources/**"); - web.ignoring().requestMatchers("/webjars/**"); - web.ignoring().requestMatchers("/swagger-ui/**"); - }; - } - /** * Method for configure type of authentication provider. *