From 8ac21709342f6b01b72004bb22a0f7540fb873c0 Mon Sep 17 00:00:00 2001
From: dennisvang <29799340+dennisvang@users.noreply.github.com>
Date: Fri, 1 Nov 2024 14:56:12 +0100
Subject: [PATCH] replace CORSFilter implementation by modernn CorsRegistry configuration
---
.../fairdatapoint/api/filter/CORSFilter.java | 68 -------------------
.../api/filter/FilterConfigurer.java | 5 +-
.../org/fairdatapoint/config/WebConfig.java | 18 +++++
3 files changed, 19 insertions(+), 72 deletions(-)
delete mode 100644 src/main/java/org/fairdatapoint/api/filter/CORSFilter.java
diff --git a/src/main/java/org/fairdatapoint/api/filter/CORSFilter.java b/src/main/java/org/fairdatapoint/api/filter/CORSFilter.java
deleted file mode 100644
index 32316ae4..00000000
--- a/src/main/java/org/fairdatapoint/api/filter/CORSFilter.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * The MIT License
- * Copyright © 2016-2024 FAIR Data Team
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.fairdatapoint.api.filter;
-
-import jakarta.servlet.FilterChain;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import org.springframework.http.HttpHeaders;
-import org.springframework.stereotype.Component;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.filter.OncePerRequestFilter;
-
-import java.io.IOException;
-
-import static java.lang.String.format;
-
-@Component
-public class CORSFilter extends OncePerRequestFilter {
-
- @Override
- public void doFilterInternal(
- final HttpServletRequest request,
- final HttpServletResponse response,
- final FilterChain fc
- ) throws IOException, ServletException {
- final String allowedMtds = String.join(",",
- RequestMethod.GET.name(), RequestMethod.POST.name(),
- RequestMethod.PUT.name(), RequestMethod.PATCH.name(),
- RequestMethod.DELETE.name());
-
- response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
- response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS,
- format("%s,%s,%s,%s", HttpHeaders.ORIGIN, HttpHeaders.AUTHORIZATION,
- HttpHeaders.ACCEPT, HttpHeaders.CONTENT_TYPE));
- response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS,
- format("%s,%s", HttpHeaders.LOCATION, HttpHeaders.LINK));
- response.setHeader(HttpHeaders.ALLOW, allowedMtds);
- response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, allowedMtds);
-
- fc.doFilter(request, response);
- }
-}
diff --git a/src/main/java/org/fairdatapoint/api/filter/FilterConfigurer.java b/src/main/java/org/fairdatapoint/api/filter/FilterConfigurer.java
index a8286589..568c0121 100644
--- a/src/main/java/org/fairdatapoint/api/filter/FilterConfigurer.java
+++ b/src/main/java/org/fairdatapoint/api/filter/FilterConfigurer.java
@@ -36,15 +36,12 @@ public class FilterConfigurer extends private final JwtTokenFilter jwtTokenFilter; - private final CORSFilter corsFilter; - private final LoggingFilter loggingFilter; @Override public void configure(HttpSecurity http) { http.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class); - http.addFilterBefore(corsFilter, JwtTokenFilter.class); - http.addFilterBefore(loggingFilter, CORSFilter.class); + http.addFilterBefore(loggingFilter, JwtTokenFilter.class); } } diff --git a/src/main/java/org/fairdatapoint/config/WebConfig.java b/src/main/java/org/fairdatapoint/config/WebConfig.java index 1dfce17e..618f7de9 100644 --- a/src/main/java/org/fairdatapoint/config/WebConfig.java +++ b/src/main/java/org/fairdatapoint/config/WebConfig.java @@ -34,7 +34,9 @@ import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.StringHttpMessageConverter; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; +import org.springframework.http.HttpHeaders; import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer; +import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.view.InternalResourceViewResolver; 
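Review bot: With `corsFilter` dropped from `configure(HttpSecurity http)`, nothing visible in this hunk makes CORS handling run ahead of `jwtTokenFilter` any more, so a preflight OPTIONS request (which carries no Authorization header) or a 401/403 produced inside the security chain may now go out without the Access-Control-* headers that the old filter set on every response. The `CorsRegistry` mapping added in WebConfig is applied by Spring MVC, which runs after the security filters; Spring Security only consults that mapping when CORS is enabled on the `HttpSecurity` builder, e.g. `http.cors(Customizer.withDefaults());`. That call may already exist in the security configuration outside this hunk; if it does not, I would add it there and cover it with a test that sends an unauthenticated preflight request to a protected path and checks for the CORS headers.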
@@ -85,4 +87,20 @@ public ObjectMapper objectMapper() { public InternalResourceViewResolver defaultViewResolver() { return new InternalResourceViewResolver(); } + + // https://docs.spring.io/spring-framework/reference/web/webmvc-cors.html + @Override + public void addCorsMappings(CorsRegistry registry) { + registry.addMapping("/**") + .allowedOrigins("*") + .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE") // todo: what about OPTIONS? + .allowedHeaders( + HttpHeaders.ORIGIN, + HttpHeaders.AUTHORIZATION, + HttpHeaders.ACCEPT, + HttpHeaders.CONTENT_TYPE + ) + .exposedHeaders(HttpHeaders.LOCATION, HttpHeaders.LINK); + } + }
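Review bot: The `allowedMethods(...)` list in `addCorsMappings` is now enforced rather than merely advertised: as far as I know, Spring's CORS processing rejects a cross-origin request whose method is not listed with a 403, whereas the removed filter only set response headers and let every request through. The `todo` can be resolved, because preflight OPTIONS requests are answered by the CORS processor itself and `allowedMethods` is matched against the method of the actual request; HEAD, however, is not implied by GET once the list is explicit, so add `"HEAD"` if any client relies on it. The same tightening applies to `allowedHeaders(...)`, where a preflight asking for a header outside these four would now be refused. I would replace the todo with `// OPTIONS preflight is answered by Spring's CORS processor; list only methods of actual requests` and add a one-line comment stating that `allowedOrigins("*")` is intentional for this public API and must not be combined with `allowCredentials(true)`.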