• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• microservices-basics-spring-boot-master
  • auth-server
    • src
      • main
        • resources
          • application.yml
          • anilkeystore.jks
          • templates
            • login.ftl
            • authorize.ftl
          • run.sh
          • bootstrap.yml
          • schema.sql
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • auth
                  • api
                    • AuthUserController.java
                  • config
                    • OAuthServerConfiguration.java
                    • OAuthWebFormConfiguration.java
                  • service
                    • JdbcUserDetailsService.java
                  • AuthServerApplication.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.buildship.core.prefs
      • gradle
        • org.springsource.ide.eclipse.gradle.refresh.prefs
        • org.springsource.ide.eclipse.gradle.core.prefs
        • org.springsource.ide.eclipse.gradle.core.import.prefs
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • webservice-registry
    • src
      • main
        • resources
          • application.yml
          • run.sh
          • bootstrap.yml
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • registry
                  • RegistryApplication.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • images
    • Target_Architecture.jpg
    • Application_Components.jpg
  • config-server
    • src
      • main
        • resources
          • application.yml
          • run.sh
          • bootstrap.yml
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • config
                  • ConfigApplication.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • LICENSE
  • zipkin-server
    • src
      • main
        • resources
          • application.yml
          • run.sh
          • bootstrap.yml
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • tracing
                  • ZipkinTracingApplication.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • comments-webservice
    • src
      • main
        • resources
          • application.yml
          • run.sh
          • bootstrap.yml
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • comments
                  • apis
                    • CommentsController.java
                  • CommentsApplication.java
                  • dtos
                    • CommentDTO.java
      • test
        • resources
          • contracts
            • task
              • comments
                • returnCommentsForTasks.groovy
        • java
          • com
            • anilallewar
              • microservices
                • comments
                  • contracts
                    • TaskCommentsBase.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.buildship.core.prefs
      • org.eclipse.jdt.groovy.core.prefs
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • web-portal
    • src
      • main
        • resources
          • application.yml
          • run.sh
          • bootstrap.yml
          • static
            • views
              • user.html
              • task-comments.html
              • task.html
              • home.html
              • task-details.html
            • js
              • libs
                • angular.min.js
                • angular-route.min.js
              • app
                • services
                  • dataservice.js
                • oauthapp.js
                • controller
                  • homeController.js
                  • navController.js
                  • userController.js
                  • taskController.js
            • index.html
            • css
              • bootstrap.min.css
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • portal
                  • PortalApplication.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.buildship.core.prefs
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • api-gateway
    • src
      • main
        • resources
          • application.yml
          • run.sh
          • bootstrap.yml
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • gateway
                  • security
                    • WebSecurityConfiguration.java
                  • config
                    • swagger
                      • SwaggerDocumentationConfiguration.java
                    • bean
                      • BeanFactory.java
                  • GatewayApplication.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.buildship.core.prefs
      • gradle
        • org.springsource.ide.eclipse.gradle.refresh.prefs
        • org.springsource.ide.eclipse.gradle.core.prefs
        • org.springsource.ide.eclipse.gradle.core.import.prefs
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • docker-image-all-projects.sh
  • build-all-projects.sh
  • README.md
  • user-webservice
    • src
      • main
        • resources
          • application.yml
          • run.sh
          • bootstrap.yml
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • user
                  • dto
                    • UserDTO.java
                  • UserApplication.java
                  • api
                    • UserController.java
                  • config
                    • security
                      • WebSecurityConfiguration.java
                      • ResourceServerConfiguration.java
                    • UserBeanFactory.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.buildship.core.prefs
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • task-webservice
    • src
      • main
        • resources
          • application.yml
          • run.sh
          • bootstrap.yml
        • docker
          • Dockerfile
        • java
          • com
            • anilallewar
              • microservices
                • task
                  • apis
                    • CommentsService.java
                    • TaskController.java
                  • config
                    • security
                      • WebSecurityConfiguration.java
                      • ResourceServerConfiguration.java
                    • OAuthClientConfiguration.java
                    • TaskBeanFactory.java
                  • dtos
                    • TaskDTO.java
                  • model
                    • CommentResource.java
                    • CommentCollectionResource.java
                  • TaskApplication.java
      • test
        • java
          • com
            • anilallewar
              • microservices
                • task
                  • oauth2
                    • security
                      • WithOAuth2MockAccessTokenSecurityContextFactory.java
                      • WithMockOAuth2Token.java
                    • config
                      • OAuth2ClientTestConfiguration.java
                  • CommentsServiceTests.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • .settings
      • org.eclipse.buildship.core.prefs
      • gradle
        • org.springsource.ide.eclipse.gradle.refresh.prefs
        • org.springsource.ide.eclipse.gradle.core.prefs
        • org.springsource.ide.eclipse.gradle.core.import.prefs
      • org.eclipse.jdt.core.prefs
    • build.gradle
    • README.md
    • .gitignore
    • .project
  • docker-orchestration
    • rancher
      • rancher-compose.yml
      • docker-compose.yml
    • docker-compose
      • docker-compose.yml

package com.anilallewar.microservices.gateway.security;

import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import com.google.common.collect.ImmutableList;

@Configuration
@EnableWebSecurity
@Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
@EnableOAuth2Sso
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Override
	public void configure(HttpSecurity http) throws Exception {

		// @formatter:off
		http
			// configure CORS -- uses a Bean by the name of corsConfigurationSource (see method below)
        		// CORS must be configured prior to Spring Security
			.cors()
			.and()
				.sessionManagement()
					.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
			.and()
				.authorizeRequests()
					.antMatchers("/**")
						.permitAll()
			.and()
				.csrf()
					.disable();
		// @formatter:on
	}

	@Bean
	public CorsConfigurationSource corsConfigurationSource() {
		final CorsConfiguration configuration = new CorsConfiguration();
		configuration.setAllowedOrigins(ImmutableList.of("*"));
		configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));

		// setAllowCredentials(true) is important, otherwise:
		// The value of the 'Access-Control-Allow-Origin' header in the response must
		// not be the wildcard '*' when the request's credentials mode is 'include'.
		configuration.setAllowCredentials(true);

		// setAllowedHeaders is important! Without it, OPTIONS preflight request
		// will fail with 403 Invalid CORS request
		configuration.setAllowedHeaders(ImmutableList.of("*"));

		final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
		source.registerCorsConfiguration("/**", configuration);
		return source;
	}
}