Auth token in response header

0fbafda4 · neel · 798038fe · 0fbafda4 · 0fbafda4
Commit 0fbafda4 authored Apr 24, 2020 by neel
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 0 deletions

src/main/java/com/iRecruit/config/SecurityConfig.java
+15 -0

src/main/java/com/iRecruit/security/JwtAuthenticationFilter.java
+2 -0

No files found.
--- a/src/main/java/com/iRecruit/config/SecurityConfig.java
+++ b/src/main/java/com/iRecruit/config/SecurityConfig.java
@@ -17,6 +17,9 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

 import com.iRecruit.security.AuthProvider;
 import com.iRecruit.security.CustomUserDetailsService;
@@ -102,4 +105,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

    }
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("*"));
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "auth"));
+        configuration.setExposedHeaders(Arrays.asList("x-auth-token", "auth"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }
\ No newline at end of file
--- a/src/main/java/com/iRecruit/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/iRecruit/security/JwtAuthenticationFilter.java
@@ -44,6 +44,8 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                
                jwt = tokenProvider.generateToken(authentication);
+                response.setHeader("Access-Control-Allow-Headers", "auth");
+                response.setHeader("Access-Control-Expose-Headers", "auth");
                response.setHeader("auth", jwt);
                UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
                SecurityContextHolder.getContext().setAuthentication(authentication);