spring boot CORS filter along with spring security and OAuth2 (@EnableOAuth2Sso)
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class SimpleCrosFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
response.setHeader("Access-Control-Allow-Headers", "authorization, content-type, xsrf-token");
response.addHeader("Access-Control-Expose-Headers", "xsrf-token");
if ("OPTIONS".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void destroy() {
}
}
spring security filter : here the key thing is you have to permitall preflight request by adding requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
http
.antMatcher("/**").authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll().antMatchers("/","/user**", "/login**", "/webjars/**" )
.permitAll().anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
.logoutSuccessUrl("/").permitAll().and()
.csrf().disable()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class SimpleCrosFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
response.setHeader("Access-Control-Allow-Headers", "authorization, content-type, xsrf-token");
response.addHeader("Access-Control-Expose-Headers", "xsrf-token");
if ("OPTIONS".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void destroy() {
}
}
spring security filter : here the key thing is you have to permitall preflight request by adding requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
http
.antMatcher("/**").authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll().antMatchers("/","/user**", "/login**", "/webjars/**" )
.permitAll().anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
.logoutSuccessUrl("/").permitAll().and()
.csrf().disable()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
This comment has been removed by a blog administrator.
ReplyDeleteIt is really a great and useful piece of info. I’m glad that you shared this helpful info with us. Please keep us informed like this. Thank you for sharing.
ReplyDeleteGRE Coaching in Chennai
useful and easily understandable blog to all
ReplyDeletejava training online | java j2ee training online | java j2ee training in chennai | java j2ee training and placement
Wonderful blog.. Thanks for sharing informative blog.. its very useful to me.. iOS App Development Company in Chennai
ReplyDeleteGreat post! I am actually getting ready to across this information, It's very helpful for this blog.Also great with all of the valuable information you have Keep up the good work you are doing well.
ReplyDeleteAWS Training in Chennai
thank you for your content very unique blog.one of the recommanded blog for learners and professionals.
ReplyDeleteJava training in hyderabad
I am not sure the place you are getting your information, however good topic.I needs to spend some time studying more or understanding more.Thank you for wonderful information I was in search of this info for my mission.
ReplyDeleteManpower Consultancy in Bangalore
HR Consultancy in Bangalore
Recruitment Consultancy in Bangalore
HR Franchise in Bangalore
ReplyDeleteYour blog is very useful for me, as your tutorial sessions are indeed of great benefit.java training in chennai | chennai's no.1 java training in chennai | best java institute in chennai
I think it's awesome someone is finally taking notice of our vet's and doing something to help them. I hope all goes well with these articles. More new information i will get after refer that post.
ReplyDeleteInterior Decorators in Chennai
Home Interior Designers in Chennai
Home Interiors in Chennai
Really Good blog post about spring boot cors.provided a helpful information.I hope that you will post more updates like this.
ReplyDeleteDigital marketing company in Chennai
I’ve been browsing on-line greater than three hours today, but I never discovered any attention-grabbing article like yours. It is beautiful worth sufficient for me. Personally, if all webmasters and bloggers made good content material as you did, the net will be a lot more helpful than ever before.
ReplyDeleteArchitectural Firms in Chennai
Architects in Chennai
Free easy & simple way to learn programming online we provide niit projects, assignments, cycle tests and much more..
ReplyDeletevisit===>> http://foundjava.blogspot.in/
It's easy to understand spring boot corps filter along with spring security and oauth2 and code to implement it. I could learn it very effectively.Thanks a lot for sharing.
ReplyDeleteAndroid app development company in chennai
I appreciate your style of writing because it conveys the message of what you are trying to say. It's a great skill to make even the person who doesn't know about the subject could able to understand the subject . Your blogs are understandable and also informative. I hope to read more and more interesting articles from your blog. All the best.
ReplyDeletePigmentation Cream
Great.Nice information.It is more useful and knowledgeable. Thanks for sharing keep going on..
ReplyDeleteSEO company in India
Digital Marketing Company in Chennai
This comment has been removed by the author.
ReplyDelete