Commit 2de798571fe56b53a2086e5edff7514f8946dbc9

Authored by 余艺韩
1 parent 912c572a

CORS

  1 +package org.thingsboard.server.config;
  2 +
  3 +import org.springframework.boot.context.properties.ConfigurationProperties;
  4 +import org.springframework.context.annotation.Configuration;
  5 +import org.springframework.web.cors.CorsConfiguration;
  6 +
  7 +import java.util.HashMap;
  8 +import java.util.Map;
  9 +
  10 +/**
  11 + * Created by yyh on 2017/5/2.
  12 + * CORS configuration
  13 + */
  14 +@Configuration
  15 +@ConfigurationProperties(prefix = "spring.mvc.cors")
  16 +public class MvcCorsProperties {
  17 +
  18 + private Map<String, CorsConfiguration> mappings = new HashMap<>();
  19 +
  20 + public MvcCorsProperties() {
  21 + }
  22 +
  23 + public Map<String, CorsConfiguration> getMappings() {
  24 + return mappings;
  25 + }
  26 +
  27 + public void setMappings(Map<String, CorsConfiguration> mappings) {
  28 + this.mappings = mappings;
  29 + }
  30 +}
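Review bot: `setMappings` stores its argument unchecked, so a null from a caller replaces the initial `HashMap`, and the `getMappings().size()` call in `corsFilter` would then throw at startup. The binder may also pass null for an empty `mappings:` key, though I have not verified that. A guard such as `this.mappings = (mappings != null) ? mappings : new HashMap<>();` keeps the field non-null. The class Javadoc should also state that the map keys are URL path patterns and that each value decides which origins, methods and headers are accepted for those paths, since that is the security-relevant contract of this type.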
... ...
... ... @@ -18,7 +18,9 @@ package org.thingsboard.server.config;
18 18 import com.fasterxml.jackson.databind.ObjectMapper;
19 19 import org.springframework.beans.factory.annotation.Autowired;
20 20 import org.springframework.beans.factory.annotation.Qualifier;
  21 +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
21 22 import org.springframework.boot.autoconfigure.security.SecurityProperties;
  23 +import org.springframework.boot.context.properties.EnableConfigurationProperties;
22 24 import org.springframework.context.annotation.Bean;
23 25 import org.springframework.context.annotation.Configuration;
24 26 import org.springframework.core.annotation.Order;
... ... @@ -34,6 +36,9 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
34 36 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
35 37 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
36 38 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  39 +import org.springframework.web.cors.CorsUtils;
  40 +import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
  41 +import org.springframework.web.filter.CorsFilter;
37 42 import org.thingsboard.server.exception.ThingsboardErrorResponseHandler;
38 43 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationProvider;
39 44 import org.thingsboard.server.service.security.auth.rest.RestLoginProcessingFilter;
... ... @@ -146,6 +151,8 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
146 151 protected void configure(HttpSecurity http) throws Exception {
147 152 http.headers().cacheControl().disable().frameOptions().disable()
148 153 .and()
  154 + .cors()
  155 + .and()
149 156 .csrf().disable()
150 157 .exceptionHandling()
151 158 .and()
... ... @@ -172,4 +179,17 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
172 179 .addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
173 180 .addFilterBefore(buildWsJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
174 181 }
  182 +
  183 +
  184 + @Bean
  185 + @ConditionalOnMissingBean(CorsFilter.class)
  186 + public CorsFilter corsFilter(@Autowired MvcCorsProperties mvcCorsProperties) {
  187 + if (mvcCorsProperties.getMappings().size() == 0) {
  188 + return new CorsFilter(new UrlBasedCorsConfigurationSource());
  189 + } else {
  190 + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  191 + source.setCorsConfigurations(mvcCorsProperties.getMappings());
  192 + return new CorsFilter(source);
  193 + }
  194 + }
175 195 }
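Review bot: `corsFilter` registers whatever binds under `spring.mvc.cors.mappings` without inspecting it, so a mapping that pairs a wildcard origin with credentials goes live silently. Logging a startup warning for each entry where `getAllowedOrigins()` contains `"*"` and `getAllowCredentials()` is true would make that visible to operators. Separately, both branches build the same `UrlBasedCorsConfigurationSource`, so the size check can be dropped in favour of `source.setCorsConfigurations(mvcCorsProperties.getMappings()); return new CorsFilter(source);`. The newly imported `CorsUtils` and `EnableConfigurationProperties` are not used in any visible hunk; if they are unused in the rest of the file as well, remove them.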
... ...
... ... @@ -188,3 +188,25 @@ cache:
188 188 updates:
189 189 # Enable/disable updates checking.
190 190 enabled: "${UPDATES_ENABLED:true}"
  191 +
  192 + # spring CORS configuration
  193 +spring.mvc.cors:
  194 + mappings:
  195 + # Intercept path
  196 + "/api/auth/**":
  197 + #Comma-separated list of origins to allow. '*' allows all origins. When not set,CORS support is disabled.
  198 + allowed-origins: "*"
  199 + #Comma-separated list of methods to allow. '*' allows all methods.
  200 + allowed-methods: "POST,GET,OPTIONS"
  201 + #Comma-separated list of headers to allow in a request. '*' allows all headers.
  202 + allowed-headers: "*"
  203 + #How long, in seconds, the response from a pre-flight request can be cached by clients.
  204 + max-age: "1800"
  205 + #Set whether credentials are supported. When not set, credentials are not supported.
  206 + allow-credentials: "true"
  207 + "/api/v1/**":
  208 + allowed-origins: "*"
  209 + allowed-methods: "*"
  210 + allowed-headers: "*"
  211 + max-age: "1800"
  212 + allow-credentials: "true"
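Review bot: The shipped defaults pair `allowed-origins: "*"` with `allow-credentials: "true"` for both `/api/auth/**` and `/api/v1/**`, so every install accepts credentialed cross-origin requests from any site until an operator edits this file. Depending on the Spring version, this combination is either rejected at request time or served by echoing the caller's Origin back. Neither is a good default for the login endpoints, although the practical exposure depends on how clients carry their credentials, which is not visible here. I would ship these mappings commented out as an example, or with an explicit origin list in place of `*` and `allow-credentials: "false"`, so that cross-origin access is something a deployment opts into. The comment at new line 197 already notes that CORS stays disabled when origins are not set, which is the safer state to start from.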
... ...