From 53acf812626c2f119e9b87d62d90e6c0ecef647b Mon Sep 17 00:00:00 2001
From: Art
Date: Sun, 19 Sep 2021 22:41:21 +0300
Subject: [PATCH] 151. Test login - Part 4 - externalize enabled CORS origins (#18)
---
 .../backend/config/SecurityConfig.java | 16 ++++++++++++++++
 .../backend/controller/ErrorController.java | 2 --
 .../backend/controller/UserResource.java | 2 --
 .../src/main/resources/application.yml | 2 ++
 4 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
index 2265f53..7ab1f0f 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
@@ -1,6 +1,7 @@
 package net.shyshkin.study.fullstack.supportportal.backend.config;
 import lombok.RequiredArgsConstructor;
+import net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConstants;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAccessDeniedHandler;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthenticationEntryPoint;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthorizationFilter;
@@ -16,6 +17,8 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.servlet.config.annotation.CorsRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @@ -64,4 +67,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { return super.authenticationManagerBean(); } + @Bean + public WebMvcConfigurer corsConfigurer(@Value("${app.cors.allowed-origins}") String[] allowedOrigins) { + return new WebMvcConfigurer() { + @Override + public void addCorsMappings(CorsRegistry registry) { + registry.addMapping("/user/login") + .allowedOrigins(allowedOrigins) + .exposedHeaders(SecurityConstants.JWT_TOKEN_HEADER); + registry.addMapping("/**").allowedOrigins(allowedOrigins); + } + }; + } + } diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/ErrorController.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/ErrorController.java index 0b002a8..42d33f5 100644 --- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/ErrorController.java +++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/ErrorController.java 
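Review bot: In `corsConfigurer` (SecurityConfig.java) the CORS rules are registered only with Spring MVC, so they are applied ahead of the security filters only if `configure(HttpSecurity)` also enables CORS; that method lies outside this hunk, so this needs confirming. Without `http.cors()` there, a browser preflight `OPTIONS` request, which carries no JWT, can be rejected by the security filter chain, and 401/403 responses written by `JwtAuthenticationEntryPoint` or `JwtAccessDeniedHandler` go out without CORS headers. I would add `.cors().and()` to the existing `HttpSecurity` chain so it picks up these mappings. Separately, `registry.addMapping("/**")` without `allowedMethods(...)` permits only GET, HEAD and POST, whereas the removed `@CrossOrigin` annotations allowed whatever methods each handler mapped; if `UserResource` exposes PUT or DELETE endpoints, list them explicitly, e.g. `.allowedMethods("GET", "POST", "PUT", "DELETE")`.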
@@ -2,7 +2,6 @@ package net.shyshkin.study.fullstack.supportportal.backend.controller; import net.shyshkin.study.fullstack.supportportal.backend.domain.HttpResponse; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; @@ -10,7 +9,6 @@ import static net.shyshkin.study.fullstack.supportportal.backend.utility.HttpRes import static org.springframework.http.HttpStatus.NOT_FOUND; @RestController -@CrossOrigin("http://localhost:4200") public class ErrorController { @GetMapping("/error") diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java index 3b0d426..d035e7d 100644 --- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java +++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java @@ -30,7 +30,6 @@ import static org.springframework.http.HttpStatus.OK; @RestController @RequestMapping("user") @RequiredArgsConstructor -@CrossOrigin("http://localhost:4200") public class UserResource { private final UserService userService; @@ -48,7 +47,6 @@ public class UserResource { } @PostMapping("login") - @CrossOrigin(value = "http://localhost:4200", exposedHeaders = {SecurityConstants.JWT_TOKEN_HEADER}) public ResponseEntity login(@RequestBody User user) { authenticate(user.getUsername(), user.getPassword()); diff --git a/support-portal-backend/src/main/resources/application.yml b/support-portal-backend/src/main/resources/application.yml index cf56542..fc3c337 100644 --- a/support-portal-backend/src/main/resources/application.yml 
+++ b/support-portal-backend/src/main/resources/application.yml @@ -36,6 +36,8 @@ spring: # add-mappings: false app: public-urls: /user/login,/user/register,/user/*/image/**,/user/image/** + cors: + allowed-origins: http://localhost:4200,https://localhost:4200 jwt: secret: VeRy_5ecretP@55W0rd! # secret: ${random.value} #Does not work - every time generates new value
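Review bot: The new `app.cors.allowed-origins` value in the base `application.yml` lists only development origins (`http://localhost:4200,https://localhost:4200`), so any environment that does not override it will trust pages served from localhost and no real front-end origin. Consider moving these values to a dev profile and supplying the deployed origin per environment (Spring Boot's relaxed binding reads it from `APP_CORS_ALLOWED_ORIGINS`), and mark the default with a comment such as `# dev defaults; override per environment`. The context lines of this hunk also show `jwt.secret` committed as a literal; it is not part of this change, but it would benefit from the same externalisation.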