2 * Copyright © 2017-2018 AT&T Intellectual Property.
3 * Modifications Copyright © 2018 IBM.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 package org.onap.ccsdk.cds.blueprintsprocessor;
20 import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager;
21 import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository;
22 import org.springframework.beans.factory.annotation.Autowired;
23 import org.springframework.context.annotation.Bean;
24 import org.springframework.context.annotation.Configuration;
25 import org.springframework.http.HttpMethod;
26 import org.springframework.security.config.web.server.ServerHttpSecurity;
27 import org.springframework.security.web.server.SecurityWebFilterChain;
28 import org.springframework.web.reactive.config.CorsRegistry;
29 import org.springframework.web.reactive.config.ResourceHandlerRegistry;
30 import org.springframework.web.reactive.config.WebFluxConfigurationSupport;
35 * @author Brinda Santh 8/13/2018
38 public class WebConfig extends WebFluxConfigurationSupport {
41 private AuthenticationManager authenticationManager;
44 private SecurityContextRepository securityContextRepository;
47 public void addResourceHandlers(ResourceHandlerRegistry registry) {
48 registry.addResourceHandler("swagger-ui.html")
49 .addResourceLocations("classpath:/META-INF/resources/");
51 registry.addResourceHandler("/webjars/**")
52 .addResourceLocations("classpath:/META-INF/resources/webjars/");
56 public void addCorsMappings(CorsRegistry corsRegistry) {
57 corsRegistry.addMapping("/**")
66 public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
67 return http.csrf().disable()
68 .formLogin().disable()
69 .httpBasic().disable()
70 .authenticationManager(authenticationManager)
71 .securityContextRepository(securityContextRepository)
73 .pathMatchers(HttpMethod.OPTIONS).permitAll()
74 .anyExchange().authenticated()