feat: [ServicioSeguridad]: Añadida la configuración para el CORS

4d34c71d · Rubén Ramírez · 7d898a4d · 4d34c71d
Commit 4d34c71d authored Mar 06, 2025 by Rubén Ramírez
Showing with 15 additions and 1 deletions
src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
--- a/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
+++ b/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
@@ -9,6 +9,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+
+import java.util.List;

 @Configuration
 @EnableWebSecurity
@@ -25,16 +28,26 @@ public class ServicioSeguridad {
        return http
                .csrf(csrf -> csrf.disable())
                .sessionManagement(session -> session.disable()) // Desactivar sesiones
+                .cors(cors -> cors.configurationSource(request -> {
+                    CorsConfiguration config = new CorsConfiguration();
+                    config.setAllowedOrigins(List.of("http://localhost")); // Permitir peticiones desde localhost
+                    config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); // Métodos permitidos
+                    config.setAllowedHeaders(List.of("*")); // Permitir todos los headers
+                    config.setAllowCredentials(true); // Permitir credenciales (cookies, auth headers, etc.)
+                    return config;
+                }))
                .authorizeHttpRequests(request -> request
+                        .requestMatchers(HttpMethod.GET, "/uploads/**").permitAll()
                        .requestMatchers(HttpMethod.POST, "/usuarios/{email}").permitAll() // Permitir login sin autenticación
                        .requestMatchers(HttpMethod.GET, "/usuarios/email/{email}").permitAll()
                        .requestMatchers(HttpMethod.POST, "/usuarios/").permitAll()
+                        .requestMatchers(HttpMethod.GET, "/actuator/health").permitAll()
                        .requestMatchers(HttpMethod.GET, "/recursos/titulo/**").permitAll()
                        .requestMatchers(HttpMethod.GET, "/recursos/autor/**").permitAll()
                        .requestMatchers(HttpMethod.GET, "/recursos/genero/**").permitAll()
                        .requestMatchers(HttpMethod.GET, "/recursos/fecha").permitAll()
                        .requestMatchers(HttpMethod.GET, "/recursos/{id}").permitAll()
-                        .requestMatchers(HttpMethod.GET, "/recursos").hasAuthority("ROLE_ADMIN")
+                        .requestMatchers(HttpMethod.GET, "/recursos").permitAll()
                        .requestMatchers(HttpMethod.POST, "/recursos/").hasAuthority("ROLE_ADMIN")
                        .requestMatchers(HttpMethod.PUT, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
                        .requestMatchers(HttpMethod.DELETE, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
@@ -50,6 +63,7 @@ public class ServicioSeguridad {
                .addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class) // Usar solo JWT
                .build();
    }
+
    @Bean public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }