Extend CorsDsl with CorsConfigurationSource property

Issue: gh-9314
2021-01-08 21:47:59 +03:00 · 2021-01-08 21:47:59 +03:00 · f4d78d00ef
parent 0201c31deb
commit f4d78d00ef
2 changed files with 40 additions and 4 deletions
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -18,15 +18,19 @@ package org.springframework.security.config.web.servlet

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.CorsConfigurer
+import org.springframework.web.cors.CorsConfigurationSource

 /**
 * A Kotlin DSL to configure [HttpSecurity] CORS using idiomatic Kotlin code.
 *
 * @author Eleftheria Stein
 * @since 5.3
+ * @property configurationSource the [CorsConfigurationSource] to use.
 */
@SecurityMarker
 class CorsDsl {
+    var configurationSource: CorsConfigurationSource? = null
+
    private var disabled = false

    /**
@ -38,6 +42,7 @@ class CorsDsl {

    internal fun get(): (CorsConfigurer<HttpSecurity>) -> Unit {
        return { cors ->
+            configurationSource?.also { cors.configurationSource(configurationSource) }
            if (disabled) {
                cors.disable()
            }
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/CorsDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/web/servlet/CorsDslTests.kt
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -67,7 +67,7 @@ class CorsDslTests {

    @Test
    fun `CORS when CORS configuration source bean then responds with CORS header`() {
-        this.spring.register(CorsCrossOriginConfig::class.java).autowire()
+        this.spring.register(CorsCrossOriginBeanConfig::class.java).autowire()

        this.mockMvc.get("/")
        {
@ -79,7 +79,7 @@ class CorsDslTests {

    @EnableWebMvc
    @EnableWebSecurity
-    open class CorsCrossOriginConfig : WebSecurityConfigurerAdapter() {
+    open class CorsCrossOriginBeanConfig : WebSecurityConfigurerAdapter() {
        override fun configure(http: HttpSecurity) {
            http {
                cors { }
@ -135,4 +135,35 @@ class CorsDslTests {
            return source
        }
    }
+
+    @Test
+    fun `CORS when CORS configuration source dsl then responds with CORS header`() {
+        this.spring.register(CorsCrossOriginBeanConfig::class.java).autowire()
+
+        this.mockMvc.get("/")
+        {
+            header(HttpHeaders.ORIGIN, "https://example.com")
+        }.andExpect {
+            header { exists("Access-Control-Allow-Origin") }
+        }
+    }
+
+    @EnableWebMvc
+    @EnableWebSecurity
+    open class CorsCrossOriginSourceConfig : WebSecurityConfigurerAdapter() {
+        override fun configure(http: HttpSecurity) {
+            val source = UrlBasedCorsConfigurationSource()
+            val corsConfiguration = CorsConfiguration()
+            corsConfiguration.allowedOrigins = listOf("*")
+            corsConfiguration.allowedMethods = listOf(
+                    RequestMethod.GET.name,
+                    RequestMethod.POST.name)
+            source.registerCorsConfiguration("/**", corsConfiguration)
+            http {
+                cors {
+                    configurationSource = source
+                }
+            }
+        }
+    }
 }