2 * Copyright © 2017-2018 AT&T Intellectual Property.
\r
3 * Modifications Copyright © 2018 IBM.
\r
5 * Licensed under the Apache License, Version 2.0 (the "License");
\r
6 * you may not use this file except in compliance with the License.
\r
7 * You may obtain a copy of the License at
\r
9 * http://www.apache.org/licenses/LICENSE-2.0
\r
11 * Unless required by applicable law or agreed to in writing, software
\r
12 * distributed under the License is distributed on an "AS IS" BASIS,
\r
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
14 * See the License for the specific language governing permissions and
\r
15 * limitations under the License.
\r
18 package org.onap.ccsdk.apps.blueprintsprocessor;
\r
20 import org.onap.ccsdk.apps.blueprintsprocessor.security.AuthenticationManager;
\r
21 import org.onap.ccsdk.apps.blueprintsprocessor.security.SecurityContextRepository;
\r
22 import org.springframework.beans.factory.annotation.Autowired;
\r
23 import org.springframework.context.annotation.Bean;
\r
24 import org.springframework.context.annotation.Configuration;
\r
25 import org.springframework.http.HttpMethod;
\r
26 import org.springframework.security.config.web.server.ServerHttpSecurity;
\r
27 import org.springframework.security.web.server.SecurityWebFilterChain;
\r
28 import org.springframework.web.reactive.config.CorsRegistry;
\r
29 import org.springframework.web.reactive.config.ResourceHandlerRegistry;
\r
30 import org.springframework.web.reactive.config.WebFluxConfigurationSupport;
\r
35 * @author Brinda Santh 8/13/2018
\r
38 public class WebConfig extends WebFluxConfigurationSupport {
\r
41 private AuthenticationManager authenticationManager;
\r
44 private SecurityContextRepository securityContextRepository;
\r
47 public void addResourceHandlers(ResourceHandlerRegistry registry) {
\r
48 registry.addResourceHandler("swagger-ui.html")
\r
49 .addResourceLocations("classpath:/META-INF/resources/");
\r
51 registry.addResourceHandler("/webjars/**")
\r
52 .addResourceLocations("classpath:/META-INF/resources/webjars/");
\r
56 public void addCorsMappings(CorsRegistry corsRegistry) {
\r
57 corsRegistry.addMapping("/**")
\r
58 .allowedOrigins("*")
\r
59 .allowedMethods("*")
\r
60 .allowedHeaders("*")
\r
66 public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
\r
67 return http.csrf().disable()
\r
68 .formLogin().disable()
\r
69 .httpBasic().disable()
\r
70 .authenticationManager(authenticationManager)
\r
71 .securityContextRepository(securityContextRepository)
\r
72 .authorizeExchange()
\r
73 .pathMatchers(HttpMethod.OPTIONS).permitAll()
\r
74 .anyExchange().authenticated()
\r