/**
 * Spring Security configuration for a stateless API authenticated with JWT bearer tokens.
 *
 * <p>{@code prePostEnabled = true} switches on {@code @PreAuthorize}/{@code @PostAuthorize}
 * evaluation, so per-endpoint role checks are enforced in addition to the blanket
 * "must be authenticated" rule configured below.
 *
 * <p>NOTE(review): what {@code JwtTokenDecoder} actually verifies (signature, expiry,
 * issuer, audience) is not visible here. Every guarantee of this configuration depends
 * on it, so confirm those checks in the decoder itself.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtTokenDecoder jwtTokenDecoder;

    /**
     * Builds the filter chain: no browser-style login mechanisms, no server-side session,
     * a JWT filter in front of the basic-auth position, and authentication on every request.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is off. That is only sound while the credential travels in the
        // Authorization header; if cookie or session authentication is ever accepted,
        // CSRF protection has to be turned back on.
        http.csrf().disable();
        http.httpBasic().disable();
        http.formLogin().disable();
        http.logout().disable();
        // STATELESS: Spring Security neither creates nor consults an HttpSession, so each
        // request has to carry its own token.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Install the JWT authentication filter
        JwtAuthenticationFilter jwtFilter = new JwtAuthenticationFilter(jwtTokenDecoder);
        http.addFilterBefore(jwtFilter, BasicAuthenticationFilter.class);

        // Authorize only authenticated requests
        http.authorizeRequests().anyRequest().authenticated();

        // Lets Spring Security apply CORS processing ahead of authentication, so preflight
        // requests (which carry no Authorization header) are answered from the CORS policy.
        // The policy itself is defined elsewhere (MVC CORS mappings or a
        // CorsConfigurationSource bean), not in this method.
        http.cors();
    }
}
/**
 * MVC-level CORS policy for the whole application.
 *
 * <p>NOTE(review): the mapping below allows every origin and every HTTP method on every
 * path, the administration endpoints included. That is tolerable only while
 * authentication is a bearer token sent in a header and credentials (cookies) are not
 * enabled for cross-origin calls. Prefer listing the known front-end origins explicitly,
 * and never combine a wildcard origin with credentialed requests.
 */
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {

    /** Ant pattern matching every request path. */
    private static final String EVERY_PATH = "/**";

    /** CORS wildcard: matches any origin / any method. */
    private static final String ANY = "*";

    /**
     * Registers a single CORS mapping covering all paths.
     *
     * @param registry the registry Spring MVC reads its CORS mappings from
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping(EVERY_PATH).allowedOrigins(ANY).allowedMethods(ANY);
    }
}
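/**
 * Administration endpoints, mounted under {@code /admin}.
 *
 * <p>NOTE(review): {@code @CrossOrigin(origins = "*")} opens these privileged endpoints to
 * scripts from any origin. Access still requires a valid bearer token, but an admin API
 * is better restricted to the origin(s) of the administration front end.
 */
@RestController
@RequestMapping("/admin")
@Api("Administration API")
@CrossOrigin(origins = "*")
class AdminController {

    // NOTE(review): userDao is used below, but its declaration is not part of this excerpt.

    /**
     * Creates a user from the JSON request body and binds it to the caller's issuer.
     *
     * <p>The body is read as a JSON object with the optional string members
     * {@code firstName}, {@code lastName}, {@code email} and {@code profile}. A missing or
     * JSON-null member is stored as an empty string.
     *
     * <p>{@code hasRole('Administrator')} matches the authority {@code ROLE_Administrator}
     * under Spring Security's default role prefix. Which authorities the JWT filter
     * assigns is not visible here, so confirm they use that form.
     *
     * <p>NOTE(review): nothing validates the input. An empty or malformed e-mail and an
     * arbitrary {@code profile} value are accepted as-is, and a body that is not a JSON
     * object makes the parser throw, which surfaces as a server error rather than a 400.
     *
     * @param userJson       raw JSON request body
     * @param authentication the caller's authentication, expected to be an
     *                       {@code EvidenzAuthentication} (the cast fails otherwise)
     * @return the created user, or {@code null} when the DAO reports that nothing was created
     */
    @PostMapping("/user")
    @PreAuthorize("hasRole('Administrator')")
    public User createUser(@RequestBody String userJson,
                           Authentication authentication) {
        EvidenzAuthentication evidenzAuthentication = (EvidenzAuthentication) authentication;
        JsonObject dataAsJSON = new JsonParser().parse(userJson).getAsJsonObject();

        User u = new User();
        u.setFirstName(stringOrEmpty(dataAsJSON, "firstName"));
        u.setLastName(stringOrEmpty(dataAsJSON, "lastName"));
        u.setEmail(stringOrEmpty(dataAsJSON, "email"));
        u.setProfileId(stringOrEmpty(dataAsJSON, "profile"));
        // The issuer is taken from the verified authentication, never from the request
        // body, so a caller cannot create users under another issuer.
        u.setIssuerId(evidenzAuthentication.getIssuerId());

        // Call the DAO exactly once: the previous isPresent()/get() pair invoked
        // createUser twice and therefore attempted to insert the same user twice.
        return userDao.createUser(u).orElse(null);
    }

    /** Returns the string value of {@code key}, or "" when the member is absent or JSON null. */
    private static String stringOrEmpty(JsonObject json, String key) {
        // getAsString() throws on a JSON null, so treat null the same as a missing member.
        return json.has(key) && !json.get(key).isJsonNull() ? json.get(key).getAsString() : "";
    }
}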
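// Create a user through the admin endpoint.
// axios.post takes (url, data, config). The body is the flat user object that the
// controller reads its fields from, and the headers belong in the separate config
// argument. The original call merged both into one malformed object literal.
//
// `crossdomain` is not an axios request option and has been dropped: whether a
// cross-origin call is allowed is decided by the server's CORS response headers.
//
// The Authorization and Cache-Control headers make this a preflighted request, so the
// server must answer the OPTIONS preflight without requiring a token.
//
// NOTE(review): a token kept in localStorage is readable by every script running on this
// origin, so any XSS flaw exposes it. Keep its lifetime short and treat script injection
// on this page as equivalent to token theft.
axios.post('/admin/user',
    { firstName: "Peter", lastName: "Sellers", email: "peter.sellers@party.com", profile: "Reader" },
    {
        headers: {
            'Content-Type': 'application/json',
            'Cache-Control': 'no-cache',
            'Authorization': 'Bearer ' + localStorage.getItem('auth_token')
        }
    })
    .then(response => {
        self.submitStatus = "OK";
    })
    .catch(function (error) {
        // NOTE(review): the axios error object normally carries the request config,
        // Authorization header included. Do not forward it unredacted to remote logging.
        console.log(error);
    });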