diff --git a/spring-security-cors/pom.xml b/spring-security-cors/pom.xml new file mode 100644 index 0000000000..0dd41e66c7 --- /dev/null +++ b/spring-security-cors/pom.xml @@ -0,0 +1,66 @@ + + + 4.0.0 + com.baeldung + spring-security-cors + 0.0.1-SNAPSHOT + jar + spring-security-cors + Spring Security CORS + + + com.baeldung + parent-modules + 1.0.0-SNAPSHOT + + + + + + org.springframework.boot + spring-boot-dependencies + 2.1.2.RELEASE + pom + import + + + + + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.security + spring-security-test + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + + + UTF-8 + UTF-8 + + + diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java new file mode 100644 index 0000000000..89bf0dde5d --- /dev/null +++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java @@ -0,0 +1,14 @@ +package com.baeldung.springbootsecuritycors.basicauth; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecuritycors") +@EnableAutoConfiguration +public class SpringBootSecurityApplication { + + public static void main(String[] args) { + SpringApplication.run(SpringBootSecurityApplication.class, args); + } +} diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java new file mode 100644 index 0000000000..684354bf26 --- /dev/null +++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java @@ -0,0 +1,19 @@ +package com.baeldung.springbootsecuritycors.basicauth.config; + +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@EnableWebSecurity +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .anyRequest().authenticated() + .and() + .httpBasic(); + http.cors(); //disable this line to reproduce the CORS 401 + } +} diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java new file mode 100644 index 0000000000..7292c7f4f4 --- /dev/null +++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java @@ -0,0 +1,17 @@ +package com.baeldung.springbootsecuritycors.controller; + +import java.security.Principal; + +import org.springframework.web.bind.annotation.CrossOrigin; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@CrossOrigin("http://localhost:4200") +public class ResourceController { + + @GetMapping("/user") + public String user(Principal principal) { + return principal.getName(); + } +} diff --git a/spring-security-cors/src/test/java/com/baeldung/springbootsecuritycors/ResourceControllerTest.java b/spring-security-cors/src/test/java/com/baeldung/springbootsecuritycors/ResourceControllerTest.java new file mode 100644 index 0000000000..b45529ca5f --- /dev/null +++ b/spring-security-cors/src/test/java/com/baeldung/springbootsecuritycors/ResourceControllerTest.java @@ -0,0 +1,42 @@ +package com.baeldung.springbootsecuritycors; + +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.web.context.WebApplicationContext; + +import com.baeldung.springbootsecuritycors.basicauth.SpringBootSecurityApplication; + +@RunWith(SpringRunner.class) +@SpringBootTest(classes = { SpringBootSecurityApplication.class }) +public class ResourceControllerTest { + + private MockMvc mockMvc; + + @Autowired + private WebApplicationContext wac; + + @Before + public void setUp() { + this.mockMvc = MockMvcBuilders.webAppContextSetup(wac) + .apply(SecurityMockMvcConfigurers.springSecurity()) + .build(); + } + + @Test + public void givenPreFlightRequest_whenPerfomed_shouldReturnOK() throws Exception { + mockMvc.perform(options("/user") + .header("Access-Control-Request-Method", "GET") + .header("Origin", "http://localhost:4200")) + .andExpect(status().isOk()); + } +}