151. Test login - Part 4 - externalize enabled CORS origins (#18)

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java

@@ -1,6 +1,7 @@
 package net.shyshkin.study.fullstack.supportportal.backend.config;
 
 import lombok.RequiredArgsConstructor;
+import net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConstants;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAccessDeniedHandler;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthenticationEntryPoint;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthorizationFilter;
@@ -16,6 +17,8 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -64,4 +67,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         return super.authenticationManagerBean();
     }
 
+    @Bean
+    public WebMvcConfigurer corsConfigurer(@Value("${app.cors.allowed-origins}") String[] allowedOrigins) {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/user/login")
+                        .allowedOrigins(allowedOrigins)
+                        .exposedHeaders(SecurityConstants.JWT_TOKEN_HEADER);
+                registry.addMapping("/**").allowedOrigins(allowedOrigins);
+            }
+        };
+    }
+
 }

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/ErrorController.java

@@ -2,7 +2,6 @@ package net.shyshkin.study.fullstack.supportportal.backend.controller;
 
 import net.shyshkin.study.fullstack.supportportal.backend.domain.HttpResponse;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -10,7 +9,6 @@ import static net.shyshkin.study.fullstack.supportportal.backend.utility.HttpRes
 import static org.springframework.http.HttpStatus.NOT_FOUND;
 
 @RestController
-@CrossOrigin("http://localhost:4200")
 public class ErrorController {
 
     @GetMapping("/error")

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java

@@ -30,7 +30,6 @@ import static org.springframework.http.HttpStatus.OK;
 @RestController
 @RequestMapping("user")
 @RequiredArgsConstructor
-@CrossOrigin("http://localhost:4200")
 public class UserResource {
 
     private final UserService userService;
@@ -48,7 +47,6 @@ public class UserResource {
     }
 
     @PostMapping("login")
-    @CrossOrigin(value = "http://localhost:4200", exposedHeaders = {SecurityConstants.JWT_TOKEN_HEADER})
     public ResponseEntity<User> login(@RequestBody User user) {
 
         authenticate(user.getUsername(), user.getPassword());

support-portal-backend/src/main/resources/application.yml

@@ -36,6 +36,8 @@ spring:
 #      add-mappings: false
 app:
   public-urls: /user/login,/user/register,/user/*/image/**,/user/image/**
+  cors:
+    allowed-origins: http://localhost:4200,https://localhost:4200
   jwt:
     secret: VeRy_5ecretP@55W0rd!
 #    secret: ${random.value} #Does not work - every time generates new value