diff --git a/docker-compose.yml b/docker-compose.yml
index 117815a..621cfa8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,7 @@ services:
DB_PORT: ${DB_PORT}
DB_USER: ${DB_USER}
DB_PASSWORD: ${DB_PASSWORD}
+ APP_ALLOWED_ORIGINS: ${APP_ALLOWED_ORIGINS}
depends_on:
- db
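Review bot: The `APP_ALLOWED_ORIGINS` entry added to the service environment does not by name bind to the `app.cors.allowed-origins` property that CorsConfig injects; Spring's relaxed binding would map it to `app.allowed.origins` instead. Presumably a properties file outside this diff bridges the two with a placeholder, which is worth confirming before relying on it. Compose also substitutes an empty string when the variable is unset, so the container would start with an empty origin list rather than fail. Making it required, `APP_ALLOWED_ORIGINS: ${APP_ALLOWED_ORIGINS:?set the allowed CORS origins}`, surfaces a missing value at deploy time.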
diff --git a/infrastructure/pom.xml b/infrastructure/pom.xml
index bf302b0..c66f6d9 100644
--- a/infrastructure/pom.xml
+++ b/infrastructure/pom.xml
@@ -33,6 +33,11 @@
spring-boot-starter-validation
+
+ org.springframework.boot
+ spring-boot-starter-security
+
+
org.mapstruct
diff --git a/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/CorsConfig.java b/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/CorsConfig.java
index 523e2c5..09ed57d 100644
--- a/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/CorsConfig.java
+++ b/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/CorsConfig.java
@@ -1,24 +1,34 @@
package com.pablotj.portfolio.infrastructure.config;
+import java.util.Arrays;
+import java.util.List;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@Configuration
-public class CorsConfig implements WebMvcConfigurer {
+public class CorsConfig {
@Value("${app.cors.allowed-origins}")
private String allowedOriginsString;
- @Override
- public void addCorsMappings(CorsRegistry registry) {
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration config = new CorsConfiguration();
- String [] allowedOrigins = allowedOriginsString.split(",");
+ List allowedOrigins = Arrays.asList(allowedOriginsString.split(","));
+ config.setAllowedOriginPatterns(allowedOrigins);
- registry.addMapping("/**")
- .allowedOrigins(allowedOrigins)
- .allowedMethods("GET", "POST", "PUT", "DELETE")
- .allowedHeaders("*");
+ config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+ config.setAllowedHeaders(List.of("*"));
+ config.setAllowCredentials(true);
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", config);
+
+ return source;
}
}
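Review bot: In `corsConfigurationSource()`, switching to `setAllowedOriginPatterns` while adding `setAllowCredentials(true)` removes the guard Spring applies to exact origins. `setAllowedOrigins` rejects `*` when credentials are allowed, whereas a pattern of `*` (or a broad wildcard) in the environment value is accepted and the caller's origin is echoed back with credentials enabled. If wildcard subdomains are not needed, keep exact matching with `config.setAllowedOrigins(allowedOrigins);`, or fail at startup when any entry is a bare `*`. The split entries are also passed on untrimmed, so a value written as `a, b` may not match as intended; `Arrays.stream(allowedOriginsString.split(",")).map(String::trim).filter(s -> !s.isEmpty()).toList()` avoids that. Since the security chain in this commit permits every request without authentication, it is also worth checking whether `setAllowCredentials(true)` is needed at all.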
diff --git a/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/SecurityConfig.java b/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/SecurityConfig.java
new file mode 100644
index 0000000..44a3c9d
--- /dev/null
+++ b/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/SecurityConfig.java
@@ -0,0 +1,31 @@
+package com.pablotj.portfolio.infrastructure.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfigurationSource;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ private final CorsConfigurationSource corsConfigurationSource;
+
+ public SecurityConfig(CorsConfigurationSource corsConfigurationSource) {
+ this.corsConfigurationSource = corsConfigurationSource;
+ }
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http
+ .csrf(AbstractHttpConfigurer::disable)
+ .cors(cors -> cors.configurationSource(corsConfigurationSource))
+ .authorizeHttpRequests(auth -> auth
+ .anyRequest().permitAll()
+ );
+ return http.build();
+ }
+}
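Review bot: `securityFilterChain` disables CSRF protection and permits every request, with no comment recording why that is safe. Together with the CORS bean in this commit (credentials allowed, `POST`/`PUT`/`DELETE` enabled), any write endpoint is reachable unauthenticated and, once cookie or session authentication is added, without a CSRF token. If the API is meant to be stateless, say so in code with `.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))` and a comment such as `// CSRF disabled: no cookie-based session; revisit if session auth is added`. Consider narrowing `anyRequest().permitAll()` to the read-only routes once an authentication mechanism exists, so that write methods are not left open by default.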