简柏林 / thingskit · Commits

Commit eea77c590693ad1c59d40e5b7a231387aa8e51f4

Authored by Andrew Shvayka
Committed by GitHub
2 parents bfd654d8 e13ce807

Merge pull request #122 from yuyihan666/master 

CORS
Inline Side-by-side
Showing 3 changed files with 87 additions and 0 deletions
  1 +/**
  2 + * Copyright © 2016-2017 The Thingsboard Authors
  3 + *
  4 + * Licensed under the Apache License, Version 2.0 (the "License");
  5 + * you may not use this file except in compliance with the License.
  6 + * You may obtain a copy of the License at
  7 + *
  8 + * http://www.apache.org/licenses/LICENSE-2.0
  9 + *
  10 + * Unless required by applicable law or agreed to in writing, software
  11 + * distributed under the License is distributed on an "AS IS" BASIS,
  12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 + * See the License for the specific language governing permissions and
  14 + * limitations under the License.
  15 + */
  16 +package org.thingsboard.server.config;
  17 +
  18 +import org.springframework.boot.context.properties.ConfigurationProperties;
  19 +import org.springframework.context.annotation.Configuration;
  20 +import org.springframework.web.cors.CorsConfiguration;
  21 +
  22 +import java.util.HashMap;
  23 +import java.util.Map;
  24 +
  25 +/**
  26 + * Created by yyh on 2017/5/2.
  27 + * CORS configuration
  28 + */
  29 +@Configuration
  30 +@ConfigurationProperties(prefix = "spring.mvc.cors")
  31 +public class MvcCorsProperties {
  32 +
  33 + private Map<String, CorsConfiguration> mappings = new HashMap<>();
  34 +
  35 + public MvcCorsProperties() {
  36 + }
  37 +
  38 + public Map<String, CorsConfiguration> getMappings() {
  39 + return mappings;
  40 + }
  41 +
  42 + public void setMappings(Map<String, CorsConfiguration> mappings) {
  43 + this.mappings = mappings;
  44 + }
  45 +}
... ...
... ... @@ -18,7 +18,9 @@ package org.thingsboard.server.config;
18 18 import com.fasterxml.jackson.databind.ObjectMapper;
19 19 import org.springframework.beans.factory.annotation.Autowired;
20 20 import org.springframework.beans.factory.annotation.Qualifier;
  21 +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
21 22 import org.springframework.boot.autoconfigure.security.SecurityProperties;
  23 +import org.springframework.boot.context.properties.EnableConfigurationProperties;
22 24 import org.springframework.context.annotation.Bean;
23 25 import org.springframework.context.annotation.Configuration;
24 26 import org.springframework.core.annotation.Order;
... ... @@ -34,6 +36,9 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
34 36 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
35 37 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
36 38 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  39 +import org.springframework.web.cors.CorsUtils;
  40 +import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
  41 +import org.springframework.web.filter.CorsFilter;
37 42 import org.thingsboard.server.exception.ThingsboardErrorResponseHandler;
38 43 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationProvider;
39 44 import org.thingsboard.server.service.security.auth.rest.RestLoginProcessingFilter;
... ... @@ -146,6 +151,8 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
146 151 protected void configure(HttpSecurity http) throws Exception {
147 152 http.headers().cacheControl().disable().frameOptions().disable()
148 153 .and()
  154 + .cors()
  155 + .and()
149 156 .csrf().disable()
150 157 .exceptionHandling()
151 158 .and()
... ... @@ -172,4 +179,17 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
172 179 .addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
173 180 .addFilterBefore(buildWsJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
174 181 }
  182 +
  183 +
  184 + @Bean
  185 + @ConditionalOnMissingBean(CorsFilter.class)
  186 + public CorsFilter corsFilter(@Autowired MvcCorsProperties mvcCorsProperties) {
  187 + if (mvcCorsProperties.getMappings().size() == 0) {
  188 + return new CorsFilter(new UrlBasedCorsConfigurationSource());
  189 + } else {
  190 + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  191 + source.setCorsConfigurations(mvcCorsProperties.getMappings());
  192 + return new CorsFilter(source);
  193 + }
  194 + }
175 195 }
... ...
... ... @@ -188,3 +188,25 @@ cache:
188 188 updates:
189 189 # Enable/disable updates checking.
190 190 enabled: "${UPDATES_ENABLED:true}"
  191 +
  192 + # spring CORS configuration
  193 +spring.mvc.cors:
  194 + mappings:
  195 + # Intercept path
  196 + "/api/auth/**":
  197 + #Comma-separated list of origins to allow. '*' allows all origins. When not set,CORS support is disabled.
  198 + allowed-origins: "*"
  199 + #Comma-separated list of methods to allow. '*' allows all methods.
  200 + allowed-methods: "POST,GET,OPTIONS"
  201 + #Comma-separated list of headers to allow in a request. '*' allows all headers.
  202 + allowed-headers: "*"
  203 + #How long, in seconds, the response from a pre-flight request can be cached by clients.
  204 + max-age: "1800"
  205 + #Set whether credentials are supported. When not set, credentials are not supported.
  206 + allow-credentials: "true"
  207 + "/api/v1/**":
  208 + allowed-origins: "*"
  209 + allowed-methods: "*"
  210 + allowed-headers: "*"
  211 + max-age: "1800"
  212 + allow-credentials: "true"
... ...