diff --git a/src/main/kotlin/com/wbrawner/budgetserver/config/SecurityConfig.kt b/src/main/kotlin/com/wbrawner/budgetserver/config/SecurityConfig.kt index cd949ac..d08c3e6 100644 --- a/src/main/kotlin/com/wbrawner/budgetserver/config/SecurityConfig.kt +++ b/src/main/kotlin/com/wbrawner/budgetserver/config/SecurityConfig.kt @@ -2,6 +2,7 @@ package com.wbrawner.budgetserver.config import com.wbrawner.budgetserver.passwordresetrequest.PasswordResetRequestRepository import com.wbrawner.budgetserver.user.UserRepository +import org.springframework.boot.web.servlet.FilterRegistrationBean import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.core.env.Environment @@ -15,8 +16,12 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder import org.springframework.security.crypto.password.PasswordEncoder import org.springframework.security.provisioning.JdbcUserDetailsManager +import org.springframework.web.cors.CorsConfiguration +import org.springframework.web.cors.UrlBasedCorsConfigurationSource +import org.springframework.web.filter.CorsFilter import javax.sql.DataSource + @Configuration @EnableWebSecurity open class SecurityConfig( @@ -46,6 +51,20 @@ open class SecurityConfig( @Bean get() = BCryptPasswordEncoder() + @Bean + open fun corsFilter(): FilterRegistrationBean<*>? { + val source = UrlBasedCorsConfigurationSource() + val config = CorsConfiguration() + config.allowCredentials = true + config.addAllowedOrigin("*") + config.addAllowedHeader("*") + config.addAllowedMethod("*") + source.registerCorsConfiguration("/**", config) + val bean: FilterRegistrationBean<*> = FilterRegistrationBean(CorsFilter(source)) + bean.order = 0 + return bean + } + public override fun configure(auth: AuthenticationManagerBuilder?) { auth!!.authenticationProvider(authenticationProvider) }