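/**
 * Registers a servlet-level CORS filter that covers every path.
 *
 * <p>Workaround from https://stackoverflow.com/a/31748398/122441, meant to stay only until
 * https://jira.spring.io/browse/DATAREST-573 is resolved.
 */
@Configuration
public class RestConfiguration {

    /**
     * Origins that may send credentialed cross-origin requests.
     *
     * <p>PLACEHOLDER: replace the entry with the exact {@code scheme://host[:port]} of each
     * trusted front end. The value below is not a real origin.
     */
    private static final String[] ALLOWED_ORIGINS = {
        "https://frontend.example.invalid", // placeholder, see Javadoc above
    };

    /** HTTP methods the API accepts from cross-origin callers. */
    private static final String[] ALLOWED_METHODS = {
        "OPTIONS", "HEAD", "GET", "PUT", "POST", "DELETE", "PATCH",
    };

    /**
     * Builds the CORS filter and wraps it in a registration bean so its order can be set.
     *
     * @return the registration for a {@code CorsFilter} mapped to all paths, with order 0
     */
    @Bean
    public FilterRegistrationBean corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);

        // Credentialed CORS has to name its origins. With allowCredentials(true) and "*",
        // older Spring releases echo whatever Origin the request carries, so any site can read
        // authenticated responses; newer releases reject the combination outright.
        for (String origin : ALLOWED_ORIGINS) {
            config.addAllowedOrigin(origin);
        }

        // NOTE(review): "*" is kept for request headers; consider narrowing it to what the
        // front end actually sends (for example Accept, Content-Type, Authorization).
        config.addAllowedHeader("*");

        for (String method : ALLOWED_METHODS) {
            config.addAllowedMethod(method);
        }

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);

        // A plain CorsFilter bean would not let us pick the order; the registration bean does.
        // Order 0 is presumably chosen so the filter runs ahead of the security filter chain
        // and can answer preflight requests first (confirm against the deployed filter order).
        final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }
}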
/**
 * Spring Security setup: HTTP Basic on {@code /api/**}, backed by one in-memory user that
 * holds the {@code API} role.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // NOTE(review): hard-coded sample credentials. Anything beyond a demo should read them
    // from external configuration or a secret store, and store the password through a
    // PasswordEncoder rather than as plain text.
    private static final String API_USER = "dummy";
    private static final String API_PASSWORD = "dummy";

    /**
     * Declares the access rules and switches on HTTP Basic.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Access rules: /api/** needs the API role, every other matched request needs a login.
        http.authorizeRequests()
            .antMatchers("/api/**").hasRole("API")
            .anyRequest().authenticated();

        // antMatcher(...) scopes this whole HttpSecurity chain to /api/**, not only the
        // httpBasic() call, so requests outside that prefix are not handled by these rules.
        // NOTE(review): CORS preflight (OPTIONS) requests carry no Authorization header, so
        // they presumably fail the role check unless a CORS filter answers them earlier.
        http.antMatcher("/api/**").httpBasic();
    }

    /**
     * Registers the single in-memory account used for API access.
     *
     * @param auth the authentication builder supplied by Spring
     * @throws Exception propagated from the builder calls
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser(API_USER)
            .password(API_PASSWORD)
            .roles("API");
    }
}
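// Sets the default $http behaviour for cross-origin calls to the API.
app.config(function ($httpProvider, Base64Provider) {
  // https://stackoverflow.com/a/17959564/2715720
  var defaults = $httpProvider.defaults;
  var common = defaults.headers.common;

  defaults.useXDomain = true;
  // withCredentials makes the browser require a specific Access-Control-Allow-Origin value
  // (not "*") together with Access-Control-Allow-Credentials: true on the response.
  defaults.withCredentials = true;

  delete common["X-Requested-With"];
  common["Accept"] = "application/json";
  common["Content-Type"] = "application/json";

  // Access-Control-Request-Headers is deliberately not set here: it is a forbidden header
  // name, so the browser discards script-supplied values and fills it in itself on the
  // preflight request.

  // NOTE(review): credentials embedded in front-end code are readable by every visitor, and
  // Base64 is an encoding, not protection. Treat 'dummy' as a sample value only; obtain real
  // credentials from the user at runtime and send them over HTTPS.
  common['Authorization'] = 'Basic ' + Base64Provider.encode('dummy' + ':' + 'dummy');
});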
/**
 * Variant of the security setup that installs a CORS filter inside the Spring Security
 * chain, ahead of {@code ChannelProcessingFilter}.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Adds the CORS filter, declares the access rules and switches on HTTP Basic.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CORSFilter is a project class not shown here; placing it before
        // ChannelProcessingFilter presumably lets it answer preflight requests before any
        // authentication check runs (confirm what headers and origins it emits).
        http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);

        // Access rules: /api/** needs the API role, every other matched request needs a login.
        http.authorizeRequests()
            .antMatchers("/api/**").hasRole("API")
            .anyRequest().authenticated();

        // antMatcher(...) scopes this whole HttpSecurity chain to /api/**, not only the
        // httpBasic() call, so requests outside that prefix are not handled by these rules.
        http.antMatcher("/api/**").httpBasic();
    }
}