2 * Copyright © 2017-2018 AT&T Intellectual Property.
3 * Modifications Copyright © 2018 IBM.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 package org.onap.ccsdk.cds.blueprintsprocessor
20 import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager
21 import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository
22 import org.springframework.context.annotation.Bean
23 import org.springframework.context.annotation.Configuration
24 import org.springframework.http.HttpMethod
25 import org.springframework.security.config.web.server.ServerHttpSecurity
26 import org.springframework.security.web.server.SecurityWebFilterChain
27 import org.springframework.web.reactive.config.CorsRegistry
28 import org.springframework.web.reactive.config.ResourceHandlerRegistry
29 import org.springframework.web.reactive.config.WebFluxConfigurer
34 * @author Brinda Santh
38 private val authenticationManager: AuthenticationManager,
39 private val securityContextRepository: SecurityContextRepository
40 ) : WebFluxConfigurer {
42 override fun addResourceHandlers(registry: ResourceHandlerRegistry) {
44 registry.addResourceHandler("/swagger-ui.html**")
45 .addResourceLocations("classpath:/META-INF/resources/")
47 registry.addResourceHandler("/webjars/**")
48 .addResourceLocations("classpath:/META-INF/resources/webjars/")
51 override fun addCorsMappings(corsRegistry: CorsRegistry) {
52 corsRegistry.addMapping("/**")
60 open fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
61 return http.csrf().disable()
62 .formLogin().disable()
63 .httpBasic().disable()
64 .authenticationManager(authenticationManager)
65 .securityContextRepository(securityContextRepository!!)
67 .pathMatchers(HttpMethod.OPTIONS).permitAll()
68 .anyExchange().authenticated()