[conluzweb-36] Configured CORS

lucoenergia · Jun 26, 2024 · 697f1bd · 697f1bd
1 parent 53105ec
commit 697f1bd
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/src/main/java/org/lucoenergia/conluz/infrastructure/shared/security/WebSecurityConfig.java b/src/main/java/org/lucoenergia/conluz/infrastructure/shared/security/WebSecurityConfig.java
@@ -4,6 +4,7 @@
 import org.lucoenergia.conluz.infrastructure.shared.security.auth.JwtAuthenticationFilter;
 import org.lucoenergia.conluz.infrastructure.shared.web.error.ConluzAccessDeniedHandler;
 import org.lucoenergia.conluz.infrastructure.shared.web.error.ConluzAuthenticationEntryPoint;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -21,11 +22,15 @@
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.Arrays;
+import java.util.List;
 
 @Configuration
 @EnableWebSecurity
 public class WebSecurityConfig {
 
+    @Value("#{'${conluz.allowed.origins}'.split(',')}")
+    private List<String> allowedOrigins;
+
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final AuthenticationProvider authenticationProvider;
     private final ObjectMapper objectMapper;
@@ -69,9 +74,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
     @Bean
     CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(Arrays.asList("*"));
-        configuration.setAllowedMethods(Arrays.asList("*"));
+        configuration.setAllowedOrigins(allowedOrigins);
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE, OPTIONS, HEAD, TRACE"));
         configuration.setAllowedHeaders(Arrays.asList("*"));
+        configuration.setAllowCredentials(true);
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);
         return source;

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -75,3 +75,7 @@ server.ssl.key-store=classpath:keystore/conluz.p12
 server.ssl.key-store-password=changeit
 # The alias mapped to the certificate
 server.ssl.key-alias=conluz
+
+## CORS configuration
+# We can specify a list of origins separated by comas. Example: http://localhost:3000,http://localhost:4000,http://localhost:5000
+conluz.allowed.origins=http://localhost:3001
diff --git a/...est/java/org/lucoenergia/conluz/infrastructure/shared/security/WebSecurityConfigTest.java b/...est/java/org/lucoenergia/conluz/infrastructure/shared/security/WebSecurityConfigTest.java
@@ -4,7 +4,6 @@
 import org.lucoenergia.conluz.infrastructure.shared.BaseControllerTest;
 
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 class WebSecurityConfigTest extends BaseControllerTest {
@@ -23,4 +22,4 @@ void testSecurityFilterChainForHealth() throws Exception {
     void testSecurityFilterChainForInfo() throws Exception {
         mockMvc.perform(get("/actuator/info")).andExpect(status().isOk());
     }
-}
+}