ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt

   1 /*
   2  *  Copyright © 2017-2018 AT&T Intellectual Property.
   3  *  Modifications Copyright © 2018 IBM.
   4  *
   5  *  Licensed under the Apache License, Version 2.0 (the "License");
   6  *  you may not use this file except in compliance with the License.
   7  *  You may obtain a copy of the License at
   8  *
   9  *      http://www.apache.org/licenses/LICENSE-2.0
  10  *
  11  *  Unless required by applicable law or agreed to in writing, software
  12  *  distributed under the License is distributed on an "AS IS" BASIS,
  13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14  *  See the License for the specific language governing permissions and
  15  *  limitations under the License.
  16  */
  17
  18 package org.onap.ccsdk.cds.blueprintsprocessor
  19
  20 import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager
  21 import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository
  22 import org.springframework.context.annotation.Bean
  23 import org.springframework.context.annotation.Configuration
  24 import org.springframework.http.HttpMethod
  25 import org.springframework.security.config.web.server.ServerHttpSecurity
  26 import org.springframework.security.web.server.SecurityWebFilterChain
  27 import org.springframework.web.reactive.config.CorsRegistry
  28 import org.springframework.web.reactive.config.ResourceHandlerRegistry
  29 import org.springframework.web.reactive.config.WebFluxConfigurer
  30
  31 /**
  32  * WebConfig
  33  *
  34  * @author Brinda Santh
  35  */
  36 @Configuration
  37 open class WebConfig(private val authenticationManager: AuthenticationManager,
  38                      private val securityContextRepository: SecurityContextRepository) : WebFluxConfigurer {
  39
  40     override fun addResourceHandlers(registry: ResourceHandlerRegistry) {
  41
  42         registry.addResourceHandler("/swagger-ui.html**")
  43                 .addResourceLocations("classpath:/META-INF/resources/")
  44
  45         registry.addResourceHandler("/webjars/**")
  46                 .addResourceLocations("classpath:/META-INF/resources/webjars/")
  47     }
  48
  49     override fun addCorsMappings(corsRegistry: CorsRegistry) {
  50         corsRegistry.addMapping("/**")
  51                 .allowedOrigins("*")
  52                 .allowedMethods("*")
  53                 .allowedHeaders("*")
  54                 .maxAge(3600)
  55     }
  56
  57     @Bean
  58     open fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
  59         return http.csrf().disable()
  60                 .formLogin().disable()
  61                 .httpBasic().disable()
  62                 .authenticationManager(authenticationManager)
  63                 .securityContextRepository(securityContextRepository!!)
  64                 .authorizeExchange()
  65                 .pathMatchers(HttpMethod.OPTIONS).permitAll()
  66                 .anyExchange().authenticated()
  67                 .and().build()
  68     }
  69 }