ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt

   1 /*
   2  *  Copyright © 2017-2018 AT&T Intellectual Property.
   3  *  Modifications Copyright © 2018 IBM.
   4  *
   5  *  Licensed under the Apache License, Version 2.0 (the "License");
   6  *  you may not use this file except in compliance with the License.
   7  *  You may obtain a copy of the License at
   8  *
   9  *      http://www.apache.org/licenses/LICENSE-2.0
  10  *
  11  *  Unless required by applicable law or agreed to in writing, software
  12  *  distributed under the License is distributed on an "AS IS" BASIS,
  13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14  *  See the License for the specific language governing permissions and
  15  *  limitations under the License.
  16  */
  17
  18 package org.onap.ccsdk.cds.blueprintsprocessor
  19
  20 import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager
  21 import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository
  22 import org.springframework.context.annotation.Bean
  23 import org.springframework.context.annotation.Configuration
  24 import org.springframework.http.HttpMethod
  25 import org.springframework.security.config.web.server.ServerHttpSecurity
  26 import org.springframework.security.web.server.SecurityWebFilterChain
  27 import org.springframework.web.reactive.config.CorsRegistry
  28 import org.springframework.web.reactive.config.ResourceHandlerRegistry
  29 import org.springframework.web.reactive.config.WebFluxConfigurer
  30
  31 /**
  32  * WebConfig
  33  *
  34  * @author Brinda Santh
  35  */
  36 @Configuration
  37 open class WebConfig(
  38     private val authenticationManager: AuthenticationManager,
  39     private val securityContextRepository: SecurityContextRepository
  40 ) : WebFluxConfigurer {
  41
  42     override fun addResourceHandlers(registry: ResourceHandlerRegistry) {
  43
  44         registry.addResourceHandler("/swagger-ui.html**")
  45             .addResourceLocations("classpath:/META-INF/resources/")
  46
  47         registry.addResourceHandler("/webjars/**")
  48             .addResourceLocations("classpath:/META-INF/resources/webjars/")
  49     }
  50
  51     override fun addCorsMappings(corsRegistry: CorsRegistry) {
  52         corsRegistry.addMapping("/**")
  53             .allowedOrigins("*")
  54             .allowedMethods("*")
  55             .allowedHeaders("*")
  56             .maxAge(3600)
  57     }
  58
  59     @Bean
  60     open fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
  61         return http.csrf().disable()
  62             .formLogin().disable()
  63             .httpBasic().disable()
  64             .authenticationManager(authenticationManager)
  65             .securityContextRepository(securityContextRepository!!)
  66             .authorizeExchange()
  67             .pathMatchers(HttpMethod.OPTIONS).permitAll()
  68             .anyExchange().authenticated()
  69             .and().build()
  70     }
  71 }