Merge pull request #7578 from bogdan-sava/springsecurity

Fix cors configuration from properties

open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java

@@ -4,21 +4,18 @@
 
 import org.odpi.openmetadata.userinterface.uichassis.springboot.auth.model.LoginRequest;
 import org.odpi.openmetadata.userinterface.uichassis.springboot.auth.service.TokenService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 public class AuthController {
 
-    private static final Logger LOG = LoggerFactory.getLogger(AuthController.class);
-
     private final TokenService tokenService;
     private final AuthenticationManager authenticationManager;
 
@@ -34,4 +31,11 @@ public String token(@RequestBody LoginRequest userLogin) throws AuthenticationEx
         return tokenService.generateToken(authentication);
     }
 
+    @PostMapping(value = "/api/token", params = {"username","password"})
+    public String token(@RequestParam String username, @RequestParam String password) throws AuthenticationException {
+        Authentication authentication = authenticationManager
+                .authenticate(new UsernamePasswordAuthenticationToken(username, password));
+        return tokenService.generateToken(authentication);
+    }
+
 }

open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java

@@ -26,11 +26,9 @@
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-import java.util.Arrays;
 import java.util.List;
 
 /**
@@ -76,22 +74,18 @@ JwtDecoder jwtDecoder() throws JOSEException {
     }
 
     /**
-     *Returns CorsConfigurationSource the cors configuration
+     *Returns WebMvcConfigurer for the cors configuration
      * The bean is based on springboot configuration property cors.allowed-origins
      */
     @Bean
     @ConditionalOnProperty(value = "cors.allowed-origins")
-    CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        if( allowedOrigins!=null && !allowedOrigins.isEmpty()) {
-            configuration.setAllowedOrigins(allowedOrigins);
-            configuration.setAllowedMethods(Arrays.asList("GET","POST"));
-            configuration.addExposedHeader("x-auth-token");
-            configuration.setAllowedHeaders(Arrays.asList("content-type","x-auth-token"));
-            source.registerCorsConfiguration("/**", configuration);
-        }
-        return source;
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings( CorsRegistry registry ) {
+                registry.addMapping("/**").allowedOrigins(allowedOrigins.toArray(new String[]{}));
+            }
+        };
     }
 
     @Bean