Skip to content

Instantly share code, notes, and snippets.

@LuisCusihuaman

LuisCusihuaman/SecurityConfig.java

Last active June 22, 2024 18:22
Show Gist options
  • Save LuisCusihuaman/13083e5985f226b3ba8427a891f5b6a5 to your computer and use it in GitHub Desktop.
Save LuisCusihuaman/13083e5985f226b3ba8427a891f5b6a5 to your computer and use it in GitHub Desktop.
Download ZIP
CORS Java
Raw
SecurityConfig.java
// src/main/java/com/edu/uba/projects/config/AppConfig.java
package com.edu.uba.projects.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import java.util.Collections;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(authorizeRequests ->
authorizeRequests
.requestMatchers("/swagger-ui.html", "/swagger-ui/**", "/swagger-resources/**", "/swagger-resources", "/v3/api-docs/**", "/proxy/**").permitAll() // Allow access without authentication for Swagger
.anyRequest().permitAll() // Allow all other requests without authentication
)
.cors(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable);
return http.build();
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOriginPatterns(Collections.singletonList("*")); // Allow all origins
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
/// src/main/java/com/edu/uba/projects/ProjectsApplication.java
package com.edu.uba.projects;
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.servers.Server;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.CrossOrigin;
@OpenAPIDefinition(servers = {@Server(url = "/", description = "Default Server URL")})
@CrossOrigin(origins = "*", allowedHeaders = "*")
@SpringBootApplication
public class ProjectsApplication {
public static void main(String[] args) {
SpringApplication.run(ProjectsApplication.class, args);
}
}
@LuisCusihuaman
Copy link
Author

gradle dependencies:

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    compileOnly 'org.projectlombok:lombok'
    developmentOnly 'org.springframework.boot:spring-boot-devtools'
    developmentOnly 'org.springframework.boot:spring-boot-docker-compose'
    runtimeOnly 'com.mysql:mysql-connector-j'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
    testImplementation 'org.springframework.security:spring-security-test'
    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
    implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.5.0'
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment