spring-data-rest
spring-data-rest copied to clipboard
spring-projects
Does CORS configuration in Spring Security override CORS configuration in RepositoryRestConfigurer?
I added CORS configuration in Spring Security like this:
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class AppWebSecurityConfigurerAdapter : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity?) {
http {
csrf {
disable()
}
cors {}
sessionManagement {
sessionCreationPolicy = SessionCreationPolicy.STATELESS
}
addFilterAt<UsernamePasswordAuthenticationFilter>(
JwtUsernameAndPasswordAuthenticationFilter(
authenticationManager(),
jwtConfiguration,
secretKey,
repository
)
)
authorizeRequests {
authorize(anyRequest, permitAll)
}
}
}
@Bean
fun corsConfigurationSource(): CorsConfigurationSource {
val configuration = CorsConfiguration().apply {
allowedOriginPatterns = listOf("http://localhost:[*]")
allowedMethods = listOf("*")
allowedHeaders = listOf("*")
exposedHeaders = listOf("*")
maxAge = 1800L
allowCredentials = true
}
return UrlBasedCorsConfigurationSource().apply {
registerCorsConfiguration("/**", configuration)
}
}
}
and CORS in RepositoryRestConfigurer like this
@Component
class AppRepositoryRestConfigurer : RepositoryRestConfigurer {
override fun configureRepositoryRestConfiguration(config: RepositoryRestConfiguration?, cors: CorsRegistry?) {
cors?.addMapping("/**")?.allowedOriginPatterns("http://localhost:[*]")?.allowedHeaders("GET", "POST", "DELETE")
}
}
What is the final CORS configuration?
