2 * Copyright © 2017-2018 AT&T Intellectual Property.
3 * Modifications Copyright © 2018 IBM.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 package org.onap.ccsdk.cds.blueprintsprocessor;
20 import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager;
21 import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository;
22 import org.springframework.beans.factory.annotation.Autowired;
23 import org.springframework.context.annotation.Bean;
24 import org.springframework.context.annotation.Configuration;
25 import org.springframework.http.HttpMethod;
26 import org.springframework.security.config.web.server.ServerHttpSecurity;
27 import org.springframework.security.web.server.SecurityWebFilterChain;
28 import org.springframework.web.reactive.config.CorsRegistry;
29 import org.springframework.web.reactive.config.ResourceHandlerRegistry;
30 import org.springframework.web.reactive.config.WebFluxConfigurer;
35 * @author Brinda Santh 8/13/2018
38 public class WebConfig implements WebFluxConfigurer {
41 private AuthenticationManager authenticationManager;
44 private SecurityContextRepository securityContextRepository;
47 public void addResourceHandlers(ResourceHandlerRegistry registry) {
49 registry.addResourceHandler("/swagger-ui.html**")
50 .addResourceLocations("classpath:/META-INF/resources/");
52 registry.addResourceHandler("/webjars/**")
53 .addResourceLocations("classpath:/META-INF/resources/webjars/");
57 public void addCorsMappings(CorsRegistry corsRegistry) {
58 corsRegistry.addMapping("/**")
67 public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
68 return http.csrf().disable()
69 .formLogin().disable()
70 .httpBasic().disable()
71 .authenticationManager(authenticationManager)
72 .securityContextRepository(securityContextRepository)
74 .pathMatchers(HttpMethod.OPTIONS).permitAll()
75 .anyExchange().authenticated()