This commit is contained in:
@@ -7,7 +7,6 @@ import org.springframework.security.authentication.AuthenticationManager
|
|||||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
|
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
|
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configurers.CorsConfigurer
|
|
||||||
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
|
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
|
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
|
||||||
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
|
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
|
||||||
@@ -16,6 +15,10 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
|
|||||||
import org.springframework.security.crypto.password.PasswordEncoder
|
import org.springframework.security.crypto.password.PasswordEncoder
|
||||||
import org.springframework.security.web.SecurityFilterChain
|
import org.springframework.security.web.SecurityFilterChain
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
|
||||||
|
import org.springframework.web.cors.CorsConfiguration
|
||||||
|
import org.springframework.web.cors.CorsConfigurationSource
|
||||||
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@@ -48,13 +51,25 @@ class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt,
|
|||||||
return BCryptPasswordEncoder()
|
return BCryptPasswordEncoder()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
fun corsConfigurationSource(): CorsConfigurationSource {
|
||||||
|
val config = CorsConfiguration()
|
||||||
|
config.allowedOriginPatterns = listOf("*")
|
||||||
|
config.allowedMethods = listOf("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
|
||||||
|
config.allowedHeaders = listOf("*")
|
||||||
|
config.allowCredentials = true
|
||||||
|
val source = UrlBasedCorsConfigurationSource()
|
||||||
|
source.registerCorsConfiguration("/**", config)
|
||||||
|
return source
|
||||||
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain? {
|
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain? {
|
||||||
// Updated configuration for Spring Security 6.x
|
// Updated configuration for Spring Security 6.x
|
||||||
http
|
http
|
||||||
.csrf { csrf: CsrfConfigurer<HttpSecurity> -> csrf.disable() } // Disable CSRF
|
.csrf { csrf: CsrfConfigurer<HttpSecurity> -> csrf.disable() }
|
||||||
.cors { cors: CorsConfigurer<HttpSecurity> -> cors.disable() } // Disable CORS (or configure if needed)
|
.cors { cors -> cors.configurationSource(corsConfigurationSource()) }
|
||||||
.exceptionHandling { exceptionHandling: ExceptionHandlingConfigurer<HttpSecurity> ->
|
.exceptionHandling { exceptionHandling: ExceptionHandlingConfigurer<HttpSecurity> ->
|
||||||
exceptionHandling.authenticationEntryPoint(
|
exceptionHandling.authenticationEntryPoint(
|
||||||
authEntrypointJwt
|
authEntrypointJwt
|
||||||
|
|||||||
Reference in New Issue
Block a user