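  @Configuration
  public class RestConfiguration {

    /**
     * Origins permitted to send credentialed cross-origin requests.
     *
     * <p>PLACEHOLDER value: replace with the real front-end origin(s), written exactly as the
     * browser sends them in the {@code Origin} header (scheme, host and port).
     */
    private static final String[] ALLOWED_ORIGINS = {
      "https://frontend.example.com" // placeholder, not a real deployment value
    };

    /** HTTP methods the CORS policy allows; same set as the original listing. */
    private static final String[] ALLOWED_METHODS = {
      "OPTIONS", "HEAD", "GET", "PUT", "POST", "DELETE", "PATCH"
    };

    /**
     * Registers a servlet-level {@code CorsFilter} for every path ({@code /**}).
     *
     * <p>Workaround from https://stackoverflow.com/a/31748398/122441 until
     * https://jira.spring.io/browse/DATAREST-573
     *
     * <p>The policy allows credentials, so the allowed origins are an explicit list rather than
     * {@code "*"}. With credentials enabled, a wildcard origin lets any site the user has open
     * issue authenticated requests and read the responses: depending on the Spring version the
     * wildcard is either answered by echoing the caller's {@code Origin} back or rejected as an
     * invalid combination.
     *
     * @return a registration bean wrapping the CORS filter, with filter order 0
     */
    @Bean
    public FilterRegistrationBean corsFilter() {
      CorsConfiguration config = new CorsConfiguration();
      config.setAllowCredentials(true);
      for (String origin : ALLOWED_ORIGINS) {
        config.addAllowedOrigin(origin);
      }
      // NOTE(review): "*" accepts any request header; narrow this to the headers the client
      // really sends if the API does not need arbitrary ones.
      config.addAllowedHeader("*");
      for (String method : ALLOWED_METHODS) {
        config.addAllowedMethod(method);
      }

      UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
      source.registerCorsConfiguration("/**", config);

      // A FilterRegistrationBean is returned instead of the bare CorsFilter so that the filter
      // order can be set explicitly.
      // NOTE(review): order 0 is presumably meant to run this filter ahead of the security
      // chain so unauthenticated preflight (OPTIONS) requests get CORS headers; confirm
      // against the order of the security filter in the deployed Spring version.
      final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
      bean.setOrder(0);
      return bean;
    }
  }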
  28.  
  /**
   * Spring Security setup: HTTP Basic authentication for {@code /api/**}, backed by a single
   * in-memory user holding the {@code API} role.
   */
  @Configuration
  @EnableWebSecurity
  public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // NOTE(review): the account name and password are compiled into the class, and the password
    // is handed to the in-memory store as a plain literal. Treat "dummy" as a stand-in only;
    // real credentials belong in external configuration, and newer Spring Security versions
    // expect an encoded password here (confirm for the version in use).
    private static final String API_USER = "dummy";
    private static final String API_PASSWORD = "dummy";

    /**
     * Declares the authorization rules and enables HTTP Basic.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // Authorization rules: /api/** needs role API, anything else needs an authenticated user.
      http.authorizeRequests()
          .antMatchers("/api/**").hasRole("API")
          .anyRequest().authenticated();

      // NOTE(review): antMatcher(...) on HttpSecurity scopes this whole configuration to
      // /api/**, not just httpBasic(). Requests outside /api/** are then not covered by the
      // rules above, so confirm they are protected by another configuration.
      http.antMatcher("/api/**").httpBasic();
    }

    /**
     * Registers the single in-memory user with role {@code API}.
     *
     * @param auth the authentication manager builder supplied by Spring
     * @throws Exception propagated from the builder calls
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
      auth.inMemoryAuthentication()
          .withUser(API_USER)
          .password(API_PASSWORD)
          .roles("API");
    }
  }
  52.  
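  // AngularJS $http defaults for calling the API from another origin.
  app.config(function ($httpProvider, Base64Provider) {
    // https://stackoverflow.com/a/17959564/2715720
    // NOTE(review): useXDomain is carried over from the linked answer; it is not believed to
    // be read by $http. Verify and drop it if so.
    $httpProvider.defaults.useXDomain = true;

    // Send credentials on cross-origin requests. Browsers only expose the response when the
    // server answers with a specific Access-Control-Allow-Origin (never "*") together with
    // Access-Control-Allow-Credentials: true.
    $httpProvider.defaults.withCredentials = true;

    delete $httpProvider.defaults.headers.common["X-Requested-With"];
    $httpProvider.defaults.headers.common["Accept"] = "application/json";
    $httpProvider.defaults.headers.common["Content-Type"] = "application/json";

    // The original also set "Access-Control-Request-Headers" here. That header is generated by
    // the browser for the preflight request and is a forbidden header name for scripts, so the
    // assignment had no effect and has been removed.

    // NOTE(review): the Basic credentials are hard-coded in client-side script, so anyone who
    // can load the page can read them. 'dummy' is a stand-in; a real secret should come from
    // the user's login rather than from code shipped to the browser.
    $httpProvider.defaults.headers.common['Authorization'] = 'Basic ' + Base64Provider.encode('dummy' + ':' + 'dummy');
  });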
  63.  
  /**
   * Variant of the security setup that installs a custom {@code CORSFilter} inside the Spring
   * Security filter chain instead of registering a servlet-level filter.
   */
  @Configuration
  @EnableWebSecurity
  public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Adds the CORS filter ahead of {@code ChannelProcessingFilter}, then declares the
     * authorization rules and enables HTTP Basic.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // NOTE(review): CORSFilter is not defined in this listing, so the effective CORS policy
      // (allowed origins, credentials) cannot be checked here. Make sure it does not combine
      // credentials with an origin that is echoed back or a wildcard.
      http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);

      // Authorization rules: /api/** needs role API, anything else needs an authenticated user.
      http.authorizeRequests()
          .antMatchers("/api/**").hasRole("API")
          .anyRequest().authenticated();

      // NOTE(review): antMatcher(...) on HttpSecurity scopes this whole configuration to
      // /api/**; paths outside it are not covered by the rules above. Confirm they are
      // protected elsewhere.
      http.antMatcher("/api/**").httpBasic();
    }
  }