Image error solve update
@ -7,6 +7,7 @@ import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthenticati
|
||||
import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthorizationFilter;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
@ -17,9 +18,11 @@ import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.CorsConfigurationSource;
|
||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import static org.springframework.http.HttpMethod.*;
|
||||
@ -27,6 +30,7 @@ import static org.springframework.http.HttpMethod.*;
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@RequiredArgsConstructor
|
||||
@Configuration
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
private final JwtAuthorizationFilter jwtAuthorizationFilter;
|
||||
@ -38,11 +42,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Value("${app.public-urls}")
|
||||
private String[] publicUrls;
|
||||
|
||||
@Value("${app.cors.allowed-origins}")
|
||||
private String[] allowedOrigins;
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
http.csrf().disable();
|
||||
|
||||
// ✅ Enable Spring Security CORS support
|
||||
http.cors();
|
||||
|
||||
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||
@ -60,9 +67,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.userDetailsService(userDetailsService)
|
||||
.passwordEncoder(passwordEncoder);
|
||||
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ -71,28 +76,20 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
return super.authenticationManagerBean();
|
||||
}
|
||||
|
||||
// ✅ This is the correct, Security-compatible CORS configuration
|
||||
@Bean
|
||||
public WebMvcConfigurer corsConfigurer(@Value("${app.cors.allowed-origins}") String[] allowedOrigins) {
|
||||
return new WebMvcConfigurer() {
|
||||
@Override
|
||||
public void addCorsMappings(CorsRegistry registry) {
|
||||
registry.addMapping("/user/login")
|
||||
.allowedOrigins(allowedOrigins)
|
||||
.exposedHeaders(SecurityConstants.JWT_TOKEN_HEADER);
|
||||
public CorsConfigurationSource corsConfigurationSource() {
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
config.setAllowedOrigins(Arrays.asList(allowedOrigins));
|
||||
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
|
||||
config.setAllowedHeaders(Arrays.asList("*"));
|
||||
config.setExposedHeaders(Arrays.asList(SecurityConstants.JWT_TOKEN_HEADER));
|
||||
config.setAllowCredentials(true);
|
||||
config.setMaxAge(3600L); // Cache preflight for 1 hour
|
||||
|
||||
String[] allowedMethods = List.of(GET, POST, PUT, DELETE, OPTIONS) // Add OPTIONS
|
||||
.stream()
|
||||
.map(Enum::name)
|
||||
.toArray(String[]::new);
|
||||
|
||||
registry.addMapping("/**")
|
||||
.allowedMethods(allowedMethods)
|
||||
.allowedOrigins(allowedOrigins)
|
||||
.allowedHeaders("*") // Add this
|
||||
.allowCredentials(true) // Add this
|
||||
.maxAge(3600); // Add this
|
||||
}
|
||||
};
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
source.registerCorsConfiguration("/**", config);
|
||||
return source;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
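Review bot: `config.setAllowCredentials(true)` in what appears to be the new `corsConfigurationSource()` applies to `/**` with an origin list taken straight from `app.cors.allowed-origins`, and nothing visible validates that property. The same method exposes `SecurityConstants.JWT_TOKEN_HEADER`, and `configure(HttpSecurity)` sets `SessionCreationPolicy.STATELESS` with CSRF disabled, which suggests the token travels in a header rather than a cookie; if so, credentialed CORS is unnecessary and the line can be dropped or set to `false`. If cookies are in fact required, reject a wildcard when the bean is built, e.g. `Assert.isTrue(!Arrays.asList(allowedOrigins).contains("*"), "app.cors.allowed-origins must list explicit origins");`, so a permissive value is caught at boot. The old/new side of each line is inferred here because the page lost its +/- markers.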