Estou fazendo uma api com spring boot e consumindo a com angular, depois que apliquei o spring security, sempre que vou fazer a validação do usuario, recebo erro de Cors!
Solucionado
Estou fazendo uma api com spring boot e consumindo a com angular, depois que apliquei o spring security, sempre que vou fazer a validação do usuario, recebo erro de Cors!
hoje, com a Alura e o Google Gemini
Minhas classes: SecurityFilterChain: package com.tarefas.Tarefas.security;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.Arrays;
@Configuration @EnableWebSecurity public class Configurations {
@Autowired
private SecurityFilter securityFilter;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
System.out.println("Entrou no configurations");
return httpSecurity
.cors(cors->cors.disable())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(authorize -> authorize
.requestMatchers(HttpMethod.POST,"/auth/register").permitAll()
.requestMatchers(HttpMethod.POST,"/auth/login").permitAll()
.requestMatchers("/clientes").hasRole("ADMIN")
.requestMatchers("/funcionarios").hasRole("ADMIN")
.requestMatchers("/tarefas").permitAll()
.anyRequest().authenticated()
)
.addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class)
.build();
}
@Bean
public AuthenticationManager authenticationManager
(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
DoFilter: package com.tarefas.Tarefas.security;
import com.tarefas.Tarefas.domain.usuario.UsuarioRepository; import com.tarefas.Tarefas.security.token.TokenService; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component public class SecurityFilter extends OncePerRequestFilter {
@Autowired
private TokenService tokenService;
@Autowired
private UsuarioRepository usuarioRepository;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
var token = this.recoverToken(request);
System.out.println("Entrou noFiltro");
System.out.println("Entrando Cors debug");
System.out.println("Saiu Cors debug");
if(token != null) {
System.out.println("Existe um token");
var login = tokenService.validateToken(token);
System.out.println(login);
UserDetails usuario = usuarioRepository.findByLogin(login);
var authentication = new UsernamePasswordAuthenticationToken(usuario,null,usuario.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
System.out.println("Existe mesmo um token!");
}
filterChain.doFilter(request,response);
System.out.println("Saiu do filtro");
}
private String recoverToken(HttpServletRequest request) {
var authHeader = request.getHeader("Authorization");
if (authHeader != null){
return authHeader.replace("Bearer ", "");
}
return null;
}
/*@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "TRACE", "CONNECT"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}*/
}