Commit 4d34c71d by Rubén Ramírez

feat: [ServicioSeguridad]: Añadida la configuración para el CORS

parent 7d898a4d
...@@ -9,6 +9,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; ...@@ -9,6 +9,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import java.util.List;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
...@@ -25,16 +28,26 @@ public class ServicioSeguridad { ...@@ -25,16 +28,26 @@ public class ServicioSeguridad {
return http return http
.csrf(csrf -> csrf.disable()) .csrf(csrf -> csrf.disable())
.sessionManagement(session -> session.disable()) // Desactivar sesiones .sessionManagement(session -> session.disable()) // Desactivar sesiones
.cors(cors -> cors.configurationSource(request -> {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(List.of("http://localhost")); // Permitir peticiones desde localhost
config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); // Métodos permitidos
config.setAllowedHeaders(List.of("*")); // Permitir todos los headers
config.setAllowCredentials(true); // Permitir credenciales (cookies, auth headers, etc.)
return config;
}))
.authorizeHttpRequests(request -> request .authorizeHttpRequests(request -> request
.requestMatchers(HttpMethod.GET, "/uploads/**").permitAll()
.requestMatchers(HttpMethod.POST, "/usuarios/{email}").permitAll() // Permitir login sin autenticación .requestMatchers(HttpMethod.POST, "/usuarios/{email}").permitAll() // Permitir login sin autenticación
.requestMatchers(HttpMethod.GET, "/usuarios/email/{email}").permitAll() .requestMatchers(HttpMethod.GET, "/usuarios/email/{email}").permitAll()
.requestMatchers(HttpMethod.POST, "/usuarios/").permitAll() .requestMatchers(HttpMethod.POST, "/usuarios/").permitAll()
.requestMatchers(HttpMethod.GET, "/actuator/health").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/titulo/**").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/titulo/**").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/autor/**").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/autor/**").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/genero/**").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/genero/**").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/fecha").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/fecha").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/{id}").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/{id}").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.GET, "/recursos").permitAll()
.requestMatchers(HttpMethod.POST, "/recursos/").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.POST, "/recursos/").hasAuthority("ROLE_ADMIN")
.requestMatchers(HttpMethod.PUT, "/recursos/{id}").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.PUT, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
.requestMatchers(HttpMethod.DELETE, "/recursos/{id}").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.DELETE, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
...@@ -50,7 +63,8 @@ public class ServicioSeguridad { ...@@ -50,7 +63,8 @@ public class ServicioSeguridad {
.addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class) // Usar solo JWT .addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class) // Usar solo JWT
.build(); .build();
} }
@Bean public PasswordEncoder passwordEncoder() {
@Bean public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(); return new BCryptPasswordEncoder();
} }
} }
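Review bot: The matcher for `GET /recursos` changes from `hasAuthority("ROLE_ADMIN")` to `permitAll()` in the second hunk, and `GET /uploads/**` is opened alongside it, but the commit message only mentions CORS. An authorization change like this belongs in its own commit, or at least needs a line in the description confirming that the full listing and the uploaded files are meant to be public. In the CORS lambda the origin `"http://localhost"` is hard-coded (plain http, default port only), so it would be better injected from a per-environment property than fixed in the filter chain. `setAllowCredentials(true)` with `setAllowedHeaders(List.of("*"))` is broader than a session-less JWT API usually needs. If the token travels in the `Authorization` header (JwtFilter is not visible here, so this is an assumption), credentials can stay off and the list can be narrowed to `List.of("Authorization", "Content-Type")`. The enclosing method begins outside the hunk.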