2 * Copyright © 2017-2018 AT&T Intellectual Property.
3 * Modifications Copyright © 2018 IBM.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 package org.onap.ccsdk.cds.blueprintsprocessor
20 import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager
21 import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository
22 import org.springframework.context.annotation.Bean
23 import org.springframework.context.annotation.Configuration
24 import org.springframework.http.HttpMethod
25 import org.springframework.security.config.web.server.ServerHttpSecurity
26 import org.springframework.security.web.server.SecurityWebFilterChain
27 import org.springframework.web.reactive.config.CorsRegistry
28 import org.springframework.web.reactive.config.ResourceHandlerRegistry
29 import org.springframework.web.reactive.config.WebFluxConfigurer
34 * @author Brinda Santh
37 open class WebConfig(private val authenticationManager: AuthenticationManager,
38 private val securityContextRepository: SecurityContextRepository) : WebFluxConfigurer {
40 override fun addResourceHandlers(registry: ResourceHandlerRegistry) {
42 registry.addResourceHandler("/swagger-ui.html**")
43 .addResourceLocations("classpath:/META-INF/resources/")
45 registry.addResourceHandler("/webjars/**")
46 .addResourceLocations("classpath:/META-INF/resources/webjars/")
49 override fun addCorsMappings(corsRegistry: CorsRegistry) {
50 corsRegistry.addMapping("/**")
58 open fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
59 return http.csrf().disable()
60 .formLogin().disable()
61 .httpBasic().disable()
62 .authenticationManager(authenticationManager)
63 .securityContextRepository(securityContextRepository!!)
65 .pathMatchers(HttpMethod.OPTIONS).permitAll()
66 .anyExchange().authenticated()