Feature/add croos origin config (#84)

* Remove Railway configuration Bean * Setup Cros configuration to allow between railway and spring requests
LauroSilveira · Dec 20, 2023 · a094ecc · a094ecc
1 parent 5c24101
commit a094ecc
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 8 deletions.
diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
@@ -15,6 +15,12 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.List;
 
 /**
  * Main Spring Security class configuration In Spring 3.0 the security configuration is done by
@@ -32,15 +38,15 @@ public class SecurityConfigurations {
 
   @Bean
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-    //disabel cross site request forgery
+    //disable cross site request forgery
     return http.csrf(AbstractHttpConfigurer::disable)
-        //Disable Spring controll and expone all endpoints
+        //Disable Spring control and allow all endpoints
             .sessionManagement(managementConfigurer ->
                     managementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(httpRequest -> httpRequest
                     .requestMatchers(HttpMethod.POST, "/login").permitAll()
                     .requestMatchers("/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**").permitAll()
-                    //any other requeste has to be authenticated
+                    //any other request has to be authenticated
                     .anyRequest().authenticated()
             )
         //tell to spring to user our filter SecurityFilter.class instead their
@@ -49,6 +55,21 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
   }
 
 
+  /**
+   * Configure Cross
+   * @return CorsConfigurationSource
+   */
+  @Bean
+   public CorsConfigurationSource corsConfigurationSource() {
+    CorsConfiguration configuration = new CorsConfiguration();
+    configuration.setAllowedOrigins(List.of("https://alura-flix-api-production.up.railway.app"));
+    configuration.setAllowedMethods(Arrays.asList("GET","POST"));
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", configuration);
+    return source;
+  }
+
+
   /**
    * Crete @Bean AuthenticationManager to authenticate a user
    * @return AuthenticationManager
@@ -61,7 +82,7 @@ public AuthenticationManager authenticationManager(
   }
 
   /**
-   * Bean to encript and decript password
+   * Bean to encrypt and decrypt password
    * @return new PasswordEncoder
    */
   @Bean

diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java
@@ -20,7 +20,7 @@
 @Component
 public class SecurityFilter extends OncePerRequestFilter {
 
-  private static final String PREFIX_LOGGIN = "[SecurityFilter]";
+  private static final String PREFIX_LOGGING = "[SecurityFilter]";
   public static final String AUTHORIZATION = "Authorization";
   private final TokenService tokenService;
 
@@ -38,7 +38,7 @@ protected void doFilterInternal(final HttpServletRequest request,
       final HttpServletResponse response,
       final FilterChain filterChain) throws ServletException, IOException {
 
-    log.info("{} request received intercepeted by Internal Filter", PREFIX_LOGGIN);
+    log.info("{} request received intercepted by Internal Filter", PREFIX_LOGGING);
     final var tokenJWT = this.getTokenJWT(request);
 
     if (tokenJWT != null) {
@@ -48,11 +48,11 @@ protected void doFilterInternal(final HttpServletRequest request,
 
       //after retrieve the user we need to tell to Spring framework to authenticate him in the context
       //this is done by calling UsernamePasswordAuthenticationToken and SecurityContextHolder methods
-      log.info("{} Authenticating user: {} ", PREFIX_LOGGIN, user.getUsername());
+      log.info("{} Authenticating user: {} ", PREFIX_LOGGING, user.getUsername());
       var authentication = new UsernamePasswordAuthenticationToken(user, null,
           user.getAuthorities());
       SecurityContextHolder.getContext().setAuthentication(authentication);
-      log.info("{} User authenticated: {}", PREFIX_LOGGIN, authentication.getPrincipal());
+      log.info("{} User authenticated: {}", PREFIX_LOGGING, authentication.getPrincipal());
     }
     filterChain.doFilter(request, response);
   }