Initial commit

2025-12-08 13:47:02 +01:00
commit 390f290bbd
18 changed files with 664 additions and 0 deletions
--- a/api/src/main/java/be/naaturel/boardmateapi/configurations/AppConfigurations.java
+++ b/api/src/main/java/be/naaturel/boardmateapi/configurations/AppConfigurations.java
@@ -0,0 +1,18 @@
+package be.naaturel.boardmateapi.configurations;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AppConfigurations {
+
+    @Value("${sec.cors.authorizedHots}")
+    public String[] authorizedHosts;
+
+    @Value("${sec.cors.authorizedMethods}")
+    public String[] authorizedMethods;
+
+    @Value("${sec.cors.authorizedHeader}")
+    public String[] authorizedHeaders;
+
+}
--- a/api/src/main/java/be/naaturel/boardmateapi/configurations/AppSecurity.java
+++ b/api/src/main/java/be/naaturel/boardmateapi/configurations/AppSecurity.java
@@ -0,0 +1,50 @@
+package be.naaturel.boardmateapi.configurations;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.transaction.annotation.EnableTransactionManagement;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+import java.util.Arrays;
+
+@Configuration
+@EnableWebSecurity
+@EnableTransactionManagement
+public class AppSecurity {
+
+    private final AppConfigurations conf;
+
+    @Autowired
+    public AppSecurity(AppConfigurations appConf) {
+        this.conf = appConf;
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) {
+
+        return http
+                .csrf(AbstractHttpConfigurer::disable)
+                .build();
+    }
+
+    @Bean
+    public CorsFilter corsFilter() {
+
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(Arrays.asList(conf.authorizedHosts));
+        config.setAllowedMethods(Arrays.asList(conf.authorizedMethods));
+        config.setAllowedHeaders(Arrays.asList(conf.authorizedHeaders));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}
--- a/api/src/main/java/be/naaturel/boardmateapi/configurations/HttpRequests.java
+++ b/api/src/main/java/be/naaturel/boardmateapi/configurations/HttpRequests.java
@@ -0,0 +1,15 @@
+package be.naaturel.boardmateapi.configurations;
+
+import be.naaturel.boardmateapi.Interceptor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class HttpRequests implements WebMvcConfigurer {
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(new Interceptor());
+    }
+}