From bfaad9af8eb2ccc33c13c357230b889ec2544ff4 Mon Sep 17 00:00:00 2001
From: freddyheredia4
Date: Thu, 22 Jun 2023 19:05:05 -0500
Subject: [PATCH] control de options
---
 .../authz/conf/JWTAuthenticationFilter.java | 4 +-
 .../authz/conf/SecurityConfiguration.java | 38 +++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/src/main/java/erp/pedidos/authz/conf/JWTAuthenticationFilter.java b/src/main/java/erp/pedidos/authz/conf/JWTAuthenticationFilter.java
index 6bf7ea1..9738d45 100644
--- a/src/main/java/erp/pedidos/authz/conf/JWTAuthenticationFilter.java
+++ b/src/main/java/erp/pedidos/authz/conf/JWTAuthenticationFilter.java
@@ -107,7 +107,7 @@ public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilte
 public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
 response.setStatus(401);
- response.setContentType("application/json");
+ response.setContentType("application/json; charset=utf-8");
 response.getWriter().append(json(exception.getLocalizedMessage()));
 }
@@ -117,7 +117,7 @@ public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilte
 return "{\"timestamp\": " + date + ", "
 + "\"status\": 401, "
 + "\"error\": \"Not authorized\", "
- + "\"message\": "+ message+ ", "
+ + "\"message\": \""+ message+ "\", "
 + "\"path\": \"/login\"}";
 }
 }
diff --git a/src/main/java/erp/pedidos/authz/conf/SecurityConfiguration.java b/src/main/java/erp/pedidos/authz/conf/SecurityConfiguration.java
index 9557b2b..cf86d09 100644
--- a/src/main/java/erp/pedidos/authz/conf/SecurityConfiguration.java
+++ b/src/main/java/erp/pedidos/authz/conf/SecurityConfiguration.java
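Review bot: In the second hunk of JWTAuthenticationFilter.java, `json(...)` now puts quotes around `message` but still concatenates it unescaped, so an exception text containing `"`, `\` or a line break yields invalid JSON or lets that text add keys to the error body. Serialising the value instead of quoting it by hand closes this, e.g. `+ "\"message\": " + new ObjectMapper().writeValueAsString(message) + ", "` if Jackson is on the classpath (not visible here); that call also writes a bare `null` when `getLocalizedMessage()` returns null. `json(...)` begins outside the hunk, so its signature and throws clause would need checking before adopting this. Separately, echoing the raw exception message on a failed login can reveal whether an account exists, depending on how the authentication provider is configured; a fixed message is the safer default.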
@@ -1,5 +1,8 @@
 package erp.pedidos.authz.conf;
+import java.util.Arrays;
+import java.util.Collections;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -8,6 +11,10 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
 import erp.pedidos.authz.service.UserService;
 @Configuration
@@ -23,6 +30,8 @@ public class SecurityConfiguration{
 http
 .csrf().disable()
+ .cors()
+ .and()
 .authorizeHttpRequests((authorize) -> authorize
 .requestMatchers("/login").permitAll()
 .requestMatchers("/swagger-ui/*").permitAll()
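Review bot: The added `.cors()` / `.and()` pair in the third hunk uses the chained style while `authorizeHttpRequests` directly below it already uses the lambda form; `.cors(Customizer.withDefaults())` keeps the chain in one style and removes the `.and()` (it needs `org.springframework.security.config.Customizer` imported). The chained `cors()` and `and()` methods are deprecated in newer Spring Security 6 releases, so this would also avoid a later migration, though the project's version is not visible here. A short comment such as `// picks up the corsConfigurationSource bean defined in this class` would make the implicit bean lookup obvious to the next reader. The method holding this chain starts and ends outside the hunk.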
@@ -36,4 +45,33 @@ public class SecurityConfiguration{
 return http.build();
 }
+
+ @Bean
+ protected CorsConfigurationSource corsConfigurationSource() {
+ final CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOrigins(Collections.singletonList("http://localhost:3000"));
+ configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
+
+ // NOTE: setAllowCredentials(true) is important,
+ // otherwise, the value of the 'Access-Control-Allow-Origin' header in the response
+ // must not be the wildcard '*' when the request's credentials mode is 'include'.
+ configuration.setAllowCredentials(true);
+
+ // NOTE: setAllowedHeaders is important!
+ // Without it, OPTIONS preflight request will fail with 403 Invalid CORS request
+ configuration.setAllowedHeaders(Arrays.asList(
+ "Authorization",
+ "Accept",
+ "Cache-Control",
+ "Content-Type",
+ "Origin",
+ "x-csrf-token",
+ "x-requested-with"
+ ));
+
+ final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
 }
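Review bot: `setAllowedOrigins(Collections.singletonList("http://localhost:3000"))` hard-codes a development origin next to `setAllowCredentials(true)` for every path (`/**`), so a deployed build either rejects the real front end or invites someone to widen the list in code. The origin list should come from per-environment configuration (for example an injected property, with the name left to the project). The first NOTE comment states the rule backwards; suggested wording: `// Credentials are allowed, so the origin must be listed explicitly: '*' is rejected by browsers for credentialed requests.` Since CSRF protection is disabled earlier in this class while `x-csrf-token` is still an allowed header, it is worth confirming that authentication travels only in the `Authorization` header and not in cookies; if so, `setAllowCredentials(true)` may not be needed at all.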