diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java index faa803cde9..684354bf26 100644 --- a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java +++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java @@ -1,33 +1,19 @@ package com.baeldung.springbootsecuritycors.basicauth.config; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser("user") - .password("{noop}password") - .roles("USER"); + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .anyRequest().authenticated() + .and() + .httpBasic(); + http.cors(); //disable this line to reproduce the CORS 401 } - -@Override -protected void configure(HttpSecurity http) throws Exception { - http - .csrf().disable() - .cors().and() //disable this line to reproduce the CORS 401 - .authorizeRequests() - .anyRequest() - .authenticated() - .and() - .httpBasic(); -} } diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java index d86c25e223..7292c7f4f4 100644 --- a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java +++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java @@ -1,17 +1,17 @@ package com.baeldung.springbootsecuritycors.controller; -import javax.servlet.http.HttpServletRequest; +import java.security.Principal; import org.springframework.web.bind.annotation.CrossOrigin; -import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; @RestController -@CrossOrigin +@CrossOrigin("http://localhost:4200") public class ResourceController { - @RequestMapping("/user") - public String user(HttpServletRequest request) { - return request.getUserPrincipal().getName(); + @GetMapping("/user") + public String user(Principal principal) { + return principal.getName(); } } diff --git a/spring-security-cors/src/main/resources/application.properties b/spring-security-cors/src/main/resources/application.properties deleted file mode 100644 index 4835515744..0000000000 --- a/spring-security-cors/src/main/resources/application.properties +++ /dev/null @@ -1,3 +0,0 @@ -server.port=8080 - - diff --git a/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java b/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java deleted file mode 100644 index 483e578ed4..0000000000 --- a/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java +++ /dev/null @@ -1,33 +0,0 @@ -package com.baeldung.springbootsecurityrest; - -import static org.junit.Assert.assertEquals; -import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT; - -import java.io.IOException; -import java.net.URISyntaxException; -import java.net.URL; - -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.web.client.TestRestTemplate; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.test.context.junit4.SpringRunner; -import org.springframework.web.client.RestClientException; - -import com.baeldung.springbootsecuritycors.basicauth.SpringBootSecurityApplication; - -@RunWith(SpringRunner.class) -@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class) -public class BasicAuthConfigurationIntegrationTest { - - @Test - public void givenCredentials_whenRequested_thenLogin() throws IllegalStateException, IOException, RestClientException, URISyntaxException { - TestRestTemplate restTemplate = new TestRestTemplate(); - URL base = new URL("http://192.168.1.101:8082/user"); - ResponseEntity response = restTemplate.withBasicAuth("user", "password").postForEntity(base.toURI(), null, String.class); - assertEquals(HttpStatus.OK, response.getStatusCode()); - } - -}