From 2de798571fe56b53a2086e5edff7514f8946dbc9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BD=99=E8=89=BA=E9=9F=A9?=
Date: Wed, 3 May 2017 17:13:42 +0800
Subject: [PATCH] CORS
---
 .../server/config/MvcCorsProperties.java | 30 +++++++++++++++++++
 .../ThingsboardSecurityConfiguration.java | 20 +++++++++++++
 .../src/main/resources/thingsboard.yml | 22 ++++++++++++++
 3 files changed, 72 insertions(+)
 create mode 100644 application/src/main/java/org/thingsboard/server/config/MvcCorsProperties.java
diff --git a/application/src/main/java/org/thingsboard/server/config/MvcCorsProperties.java b/application/src/main/java/org/thingsboard/server/config/MvcCorsProperties.java
new file mode 100644
index 0000000000..9d40c8038a
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/config/MvcCorsProperties.java
@@ -0,0 +1,30 @@
+package org.thingsboard.server.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Created by yyh on 2017/5/2.
+ * CORS configuration
+ */
+@Configuration
+@ConfigurationProperties(prefix = "spring.mvc.cors")
+public class MvcCorsProperties {
+
+ private Map mappings = new HashMap<>();
+
+ public MvcCorsProperties() {
+ }
+
+ public Map getMappings() {
+ return mappings;
+ }
+
+ public void setMappings(Map mappings) {
+ this.mappings = mappings;
+ }
+}
diff --git a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
index 6a9e449c04..cdca099c3a 100644
--- a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
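Review bot: The prefix `spring.mvc.cors` on `MvcCorsProperties` places a project-defined setting under Spring Boot's own `spring.mvc.*` namespace, so an operator reading thingsboard.yml will take it for a framework property; a prefix owned by the project would avoid that confusion. `setMappings` also accepts null, which the new `corsFilter` bean later dereferences through `getMappings().size()`; guard it with `this.mappings = mappings == null ? new HashMap<>() : mappings;`. The class Javadoc should state that each map key is a path pattern and each value is the CORS policy applied to requests matching it, since that policy decides which origins may call the API.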
@@ -18,7 +18,9 @@ package org.thingsboard.server.config;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -34,6 +36,9 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 import org.thingsboard.server.exception.ThingsboardErrorResponseHandler;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationProvider;
 import org.thingsboard.server.service.security.auth.rest.RestLoginProcessingFilter;
@@ -145,6 +150,8 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.headers().cacheControl().disable().frameOptions().disable()
+ .and()
+ .cors()
 .and()
 .csrf().disable()
 .exceptionHandling()
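Review bot: `EnableConfigurationProperties`, imported in this hunk, and `CorsUtils`, imported in the next one, are not referenced by any of the 20 lines the patch adds to this file, so both imports are dead and should be removed. If the intent was to register the properties class explicitly, put `@EnableConfigurationProperties(MvcCorsProperties.class)` on `ThingsboardSecurityConfiguration` and drop `@Configuration` from `MvcCorsProperties`, which declares no beans.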
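Review bot: The added `.cors()` call carries no comment saying where its policy comes from, and the link is implicit: Spring Security resolves it by looking up a bean named `corsFilter`, which is the `@Bean` method this patch adds at the end of the class. Renaming that method would silently change which CORS policy is applied in the security chain. Add a comment above the call, for example `// CORS policy comes from the corsFilter bean below (looked up by bean name), built from MvcCorsProperties`. The body of `configure` continues past the end of the hunk.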
@@ -172,4 +179,17 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
 .addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
 .addFilterBefore(buildWsJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
 }
+
+
+ @Bean
+ @ConditionalOnMissingBean(CorsFilter.class)
+ public CorsFilter corsFilter(@Autowired MvcCorsProperties mvcCorsProperties) {
+ if (mvcCorsProperties.getMappings().size() == 0) {
+ return new CorsFilter(new UrlBasedCorsConfigurationSource());
+ } else {
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.setCorsConfigurations(mvcCorsProperties.getMappings());
+ return new CorsFilter(source);
+ }
+ }
 }
diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index 778406aadf..e64e9cd95c 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -188,3 +188,25 @@ cache:
 updates:
 # Enable/disable updates checking.
 enabled: "${UPDATES_ENABLED:true}"
+
+ # spring CORS configuration
+spring.mvc.cors:
+ mappings:
+ # Intercept path
+ "/api/auth/**":
+ #Comma-separated list of origins to allow. '*' allows all origins. When not set,CORS support is disabled.
+ allowed-origins: "*"
+ #Comma-separated list of methods to allow. '*' allows all methods.
+ allowed-methods: "POST,GET,OPTIONS"
+ #Comma-separated list of headers to allow in a request. '*' allows all headers.
+ allowed-headers: "*"
+ #How long, in seconds, the response from a pre-flight request can be cached by clients.
+ max-age: "1800"
+ #Set whether credentials are supported. When not set, credentials are not supported.
+ allow-credentials: "true"
+ "/api/v1/**":
+ allowed-origins: "*"
+ allowed-methods: "*"
+ allowed-headers: "*"
+ max-age: "1800"
+ allow-credentials: "true"
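Review bot: `corsFilter` installs whatever `MvcCorsProperties` binds without inspecting it, so a mapping that combines a wildcard origin with allowed credentials goes live unnoticed; the defaults this same patch adds to thingsboard.yml are that combination. Check each mapping while registering it and fail startup (or at minimum log a warning) when credentials are allowed for `*`. The two branches are also equivalent, because passing an empty map to `setCorsConfigurations` leaves the source empty, so the `size() == 0` test can go, and `@Autowired` on a `@Bean` method parameter is redundant. The rewrite below additionally needs `java.util.List`, `java.util.Map` and `CorsConfiguration` imported in this file.

```java
@Bean
@ConditionalOnMissingBean(CorsFilter.class)
public CorsFilter corsFilter(MvcCorsProperties mvcCorsProperties) {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    for (Map.Entry<String, CorsConfiguration> entry : mvcCorsProperties.getMappings().entrySet()) {
        CorsConfiguration cors = entry.getValue();
        List<String> origins = cors.getAllowedOrigins();
        // Credentials plus a wildcard origin means every website is trusted; refuse to start.
        if (Boolean.TRUE.equals(cors.getAllowCredentials())
                && origins != null && origins.contains(CorsConfiguration.ALL)) {
            throw new IllegalStateException("CORS mapping " + entry.getKey()
                    + " allows credentials for every origin; list the trusted origins explicitly");
        }
        source.registerCorsConfiguration(entry.getKey(), cors);
    }
    return new CorsFilter(source);
}
```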
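Review bot: Both shipped mappings pair `allowed-origins: "*"` with `allow-credentials: "true"`, which by default lets any website make credentialed cross-origin calls to `/api/auth/**` and `/api/v1/**`; depending on the Spring version this is either honoured by echoing the caller's Origin or rejected when the configuration is validated. How much this exposes depends on how clients present their credentials, which the patch does not show, but the default should be closed and opened per deployment. Ship `allow-credentials: "false"` and take the origin list from the environment in the style of the `${UPDATES_ENABLED:true}` line above, e.g. `allowed-origins: "${CORS_ALLOWED_ORIGINS:}"` (the variable name is a placeholder). `allowed-methods: "*"` on `/api/v1/**` should likewise be narrowed to the verbs that API actually serves.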