Feature to enable CORS (#50)

cors-feature

libs/jarc-auth-lib/src/main/java/com/sourcefuse/jarc/authlib/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package com.sourcefuse.jarc.authlib.config;
 
+import com.sourcefuse.jarc.authlib.cors.CorsFilter;
 import com.sourcefuse.jarc.authlib.security.JwtAuthenticationFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
@@ -11,6 +12,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
@@ -34,6 +36,8 @@ public class SecurityConfig {
 
   private final JwtAuthenticationFilter authenticationFilter;
 
+  private final CorsFilter corsFilter;
+
   @Bean
   public SecurityFilterChain securityFilterChain(HttpSecurity http)
     throws Exception {
@@ -58,7 +62,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http)
       .addFilterBefore(
         authenticationFilter,
         UsernamePasswordAuthenticationFilter.class
-      );
+      )
+      .addFilterBefore(corsFilter, ChannelProcessingFilter.class);
     return http.build();
   }
 

libs/jarc-auth-lib/src/main/java/com/sourcefuse/jarc/authlib/cors/CorsConfig.java

@@ -0,0 +1,27 @@
+package com.sourcefuse.jarc.authlib.cors;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@EnableWebMvc
+public class CorsConfig implements WebMvcConfigurer {
+
+  @Value("${cors.url:#{null}}")
+  String corsUrl;
+
+  @Override
+  public void addCorsMappings(CorsRegistry registry) {
+    if (corsUrl != null) {
+      registry
+        .addMapping("/**")
+        .allowedOrigins(corsUrl)
+        .allowedMethods("*")
+        .allowedHeaders("*")
+        .allowCredentials(true);
+    }
+  }
+}

libs/jarc-auth-lib/src/main/java/com/sourcefuse/jarc/authlib/cors/CorsFilter.java

@@ -0,0 +1,33 @@
+package com.sourcefuse.jarc.authlib.cors;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Service
+public class CorsFilter extends OncePerRequestFilter {
+
+  @Value("${cors.url:#{null}}")
+  String corsUrl;
+
+  @Override
+  protected void doFilterInternal(
+    HttpServletRequest request,
+    HttpServletResponse response,
+    FilterChain filterChain
+  ) throws ServletException, IOException {
+    if (corsUrl != null) {
+      response.setHeader("Access-Control-Allow-Origin", corsUrl);
+      response.setHeader("Access-Control-Allow-Methods", "*");
+      response.setHeader("Access-Control-Allow-Headers", "*");
+      response.setHeader("Access-Control-Allow-Credentials", "true");
+    }
+
+    filterChain.doFilter(request, response);
+  }
+}

libs/jarc-auth-lib/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -8,5 +8,10 @@
     "name": "swagger.auth.password",
     "type": "java.lang.String",
     "description": "Password to access Swagger UI"
+  },
+  {
+    "name": "cors.url",
+    "type": "java.lang.String",
+    "description": "Provide the Url to enable CORS"
   }
 ]}