Commit
4d34c71d
authored
Mar 06, 2025
by
Rubén Ramírez
feat: [ServicioSeguridad]: Añadida la configuración para el CORS
parent
7d898a4d
Showing
1 changed file
with
16 additions
and
2 deletions
src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
...
@@ -9,6 +9,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
...
@@ -9,6 +9,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import
org.springframework.security.crypto.password.PasswordEncoder
;
import
org.springframework.security.crypto.password.PasswordEncoder
;
import
org.springframework.security.web.SecurityFilterChain
;
import
org.springframework.security.web.SecurityFilterChain
;
import
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
;
import
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
;
import
org.springframework.web.cors.CorsConfiguration
;
import
java.util.List
;
@Configuration
@Configuration
@EnableWebSecurity
@EnableWebSecurity
...
@@ -25,16 +28,26 @@ public class ServicioSeguridad {
...
@@ -25,16 +28,26 @@ public class ServicioSeguridad {
return
http
return
http
.
csrf
(
csrf
->
csrf
.
disable
())
.
csrf
(
csrf
->
csrf
.
disable
())
.
sessionManagement
(
session
->
session
.
disable
())
// Desactivar sesiones
.
sessionManagement
(
session
->
session
.
disable
())
// Desactivar sesiones
.
cors
(
cors
->
cors
.
configurationSource
(
request
->
{
CorsConfiguration
config
=
new
CorsConfiguration
();
config
.
setAllowedOrigins
(
List
.
of
(
"http://localhost"
));
// Permitir peticiones desde localhost
config
.
setAllowedMethods
(
List
.
of
(
"GET"
,
"POST"
,
"PUT"
,
"DELETE"
,
"OPTIONS"
));
// Métodos permitidos
config
.
setAllowedHeaders
(
List
.
of
(
"*"
));
// Permitir todos los headers
config
.
setAllowCredentials
(
true
);
// Permitir credenciales (cookies, auth headers, etc.)
return
config
;
}))
.
authorizeHttpRequests
(
request
->
request
.
authorizeHttpRequests
(
request
->
request
.
requestMatchers
(
HttpMethod
.
GET
,
"/uploads/**"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
POST
,
"/usuarios/{email}"
).
permitAll
()
// Permitir login sin autenticación
.
requestMatchers
(
HttpMethod
.
POST
,
"/usuarios/{email}"
).
permitAll
()
// Permitir login sin autenticación
.
requestMatchers
(
HttpMethod
.
GET
,
"/usuarios/email/{email}"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/usuarios/email/{email}"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
POST
,
"/usuarios/"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
POST
,
"/usuarios/"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/actuator/health"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/titulo/**"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/titulo/**"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/autor/**"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/autor/**"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/genero/**"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/genero/**"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/fecha"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/fecha"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/{id}"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos/{id}"
).
permitAll
()
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos"
).
hasAuthority
(
"ROLE_ADMIN"
)
.
requestMatchers
(
HttpMethod
.
GET
,
"/recursos"
).
permitAll
(
)
.
requestMatchers
(
HttpMethod
.
POST
,
"/recursos/"
).
hasAuthority
(
"ROLE_ADMIN"
)
.
requestMatchers
(
HttpMethod
.
POST
,
"/recursos/"
).
hasAuthority
(
"ROLE_ADMIN"
)
.
requestMatchers
(
HttpMethod
.
PUT
,
"/recursos/{id}"
).
hasAuthority
(
"ROLE_ADMIN"
)
.
requestMatchers
(
HttpMethod
.
PUT
,
"/recursos/{id}"
).
hasAuthority
(
"ROLE_ADMIN"
)
.
requestMatchers
(
HttpMethod
.
DELETE
,
"/recursos/{id}"
).
hasAuthority
(
"ROLE_ADMIN"
)
.
requestMatchers
(
HttpMethod
.
DELETE
,
"/recursos/{id}"
).
hasAuthority
(
"ROLE_ADMIN"
)
...
@@ -50,7 +63,8 @@ public class ServicioSeguridad {
...
@@ -50,7 +63,8 @@ public class ServicioSeguridad {
.
addFilterBefore
(
new
JwtFilter
(
jwtUtil
),
UsernamePasswordAuthenticationFilter
.
class
)
// Usar solo JWT
.
addFilterBefore
(
new
JwtFilter
(
jwtUtil
),
UsernamePasswordAuthenticationFilter
.
class
)
// Usar solo JWT
.
build
();
.
build
();
}
}
@Bean
public
PasswordEncoder
passwordEncoder
()
{
@Bean
public
PasswordEncoder
passwordEncoder
()
{
return
new
BCryptPasswordEncoder
();
return
new
BCryptPasswordEncoder
();
}
}
}
}
...
...
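Review bot: The CORS policy added in the second hunk is broader than a JWT-only API needs: it sets `setAllowCredentials(true)` and `setAllowedHeaders(List.of("*"))` for a hard-coded `http://localhost` origin, on a chain that also disables CSRF and sessions. If the token only ever travels in the `Authorization` header (the `JwtFilter` and the "Usar solo JWT" comment suggest this, but the filter is not visible here), the `setAllowCredentials(true)` line can be dropped and the headers narrowed, e.g. `config.setAllowedHeaders(List.of("Authorization", "Content-Type"));`. An origin written without a port matches only port 80, so the allowed origins are better read from configuration per environment than fixed in code. The same hunk also appears to change `GET /recursos` from `hasAuthority("ROLE_ADMIN")` to `permitAll()` and to make `GET /uploads/**` and `GET /actuator/health` public; these are authorization changes the commit title does not mention, and each deserves a comment stating why it is unauthenticated, or a commit of its own. The method that holds this chain starts outside the hunk.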