CODEWITHSUNDEEP
springkotlinspring-security
dasdsadad
dasdsadad

Reputation: 1

How can I allow cors for all origins with kotlin and spring boot 2.7.5

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Profile("!test")
class SecurityConfiguration(private val issuersOAuth2Properties: IssuersOAuth2Properties) {
    @Bean
    @Throws(Exception::class)
    fun filterChain(http: HttpSecurity): SecurityFilterChain? {
        http.authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll()
        http.authorizeRequests().antMatchers("/swagger-ui.html").permitAll()
        http.authorizeRequests().antMatchers("/auth").permitAll()
        http.authorizeRequests().antMatchers("/actuator**").permitAll()
        http.authorizeRequests().antMatchers("/swagger-ui.html", "/swagger-ui/**").permitAll()
        http.csrf().disable()

        //.cors{cors->cors.disable()}
        http.authorizeRequests().antMatchers("/**").authenticated().and().oauth2ResourceServer{oauth2 ->
            oauth2.authenticationManagerResolver(jwtIssuerAuthManager())
        }.authorizeRequests().and().cors().disable()

        return http.build()
    }

    @Bean
    fun corsConfigurer(): WebMvcConfigurer? {
        return object : WebMvcConfigurer {
            override fun addCorsMappings(registry: CorsRegistry) {
                registry.addMapping("/**").allowedMethods("*").allowedHeaders("*").allowCredentials(true)
            }
        }
    }

    @Bean
    fun jwtIssuerAuthManager():AuthenticationManagerResolver<HttpServletRequest?>?{
        return JwtIssuerAuthenticationManagerResolver(IssuerManager(issuersOAuth2Properties.issuers))
    }
}

Kotlin does cors new with never versions of spring. I did not found any working example. With this one i get an error: https://docs.spring.io/spring-security/reference/reactive/integrations/cors.html

APPLICATION FAILED TO START

Description:

The bean 'springSecurityFilterChain', defined in class path resource [me/xxx/xxx/config/SecurityConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] and overriding is disabled.

Action:

Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true

Upvotes: 0

Views: 1334

Answers (1)

Ishak Antony
Ishak Antony

Reputation: 79

From the error message, I see that you might have multiple beans of SecurityFilterChain declared in your project with the same name.

You can rename one of the beans to a different name by using @Bean(name = "youNewBeanName") or just simply rename the function name.

As for your CORS, simply add addAllowedOrigin("*") in your WebMvcConfigurer should do the case.

Although, it is recommended that you create a bean of type CorsConfigurationSource source instead which is a better practice.

cmiiw.

Hope that helps.

Cheers!

Upvotes: 0

Related Questions