[Spring-Boot-Keycloak example] Allows preflight requests from browser (#15706)

This commit is contained in:
libor-vilimek-finbricks 2024-03-12 08:20:01 +01:00 committed by GitHub
parent b8a43f209c
commit 861e43470d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -7,6 +7,7 @@ import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer; import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -56,6 +57,9 @@ class SecurityConfig {
@Bean @Bean
public SecurityFilterChain resourceServerFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain resourceServerFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(auth -> auth http.authorizeHttpRequests(auth -> auth
// Allows preflight requests from browser
.requestMatchers(new AntPathRequestMatcher("/customers*", HttpMethod.OPTIONS.name()))
.permitAll()
.requestMatchers(new AntPathRequestMatcher("/customers*")) .requestMatchers(new AntPathRequestMatcher("/customers*"))
.hasRole("user") .hasRole("user")
.requestMatchers(new AntPathRequestMatcher("/")) .requestMatchers(new AntPathRequestMatcher("/"))