diff --git a/application/src/main/java/org/thingsboard/server/config/MvcCorsProperties.java b/application/src/main/java/org/thingsboard/server/config/MvcCorsProperties.java
new file mode 100644
index 0000000..62b4ec2
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/config/MvcCorsProperties.java
@@ -0,0 +1,45 @@
+/**
+ * Copyright © 2016-2017 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Created by yyh on 2017/5/2.
+ * CORS configuration
+ */
+@Configuration
+@ConfigurationProperties(prefix = "spring.mvc.cors")
+public class MvcCorsProperties {
+
+ private Map<String, CorsConfiguration> mappings = new HashMap<>();
+
+ public MvcCorsProperties() {
+ }
+
+ public Map<String, CorsConfiguration> getMappings() {
+ return mappings;
+ }
+
+ public void setMappings(Map<String, CorsConfiguration> mappings) {
+ this.mappings = mappings;
+ }
+}
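Review bot: `setMappings` stores whatever it is given, so a null map would make `mvcCorsProperties.getMappings().size()` in `corsFilter` throw at startup; a guard such as `this.mappings = mappings != null ? mappings : new HashMap<>();` keeps the getter non-null. The class Javadoc says only "CORS configuration". It would help to state that the keys are URL path patterns and that each `CorsConfiguration` value is handed unchanged to the `CorsFilter`, since this map is the whole cross-origin policy of the server. The class also carries both `@Configuration` and `@ConfigurationProperties` although it declares no beans; this looks unintended and is worth confirming.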
diff --git a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
index 6a9e449..cdca099 100644
--- a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
@@ -18,7 +18,9 @@ package org.thingsboard.server.config;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
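Review bot: `EnableConfigurationProperties` is imported here, and `CorsUtils` in the following import hunk, but none of the lines added to this file use either name. Both imports can be dropped. If the intent was to register the properties class explicitly, `@EnableConfigurationProperties(MvcCorsProperties.class)` on this configuration class would do it, and `MvcCorsProperties` would then no longer need `@Configuration`.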
@@ -34,6 +36,9 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
import org.thingsboard.server.exception.ThingsboardErrorResponseHandler;
import org.thingsboard.server.service.security.auth.rest.RestAuthenticationProvider;
import org.thingsboard.server.service.security.auth.rest.RestLoginProcessingFilter;
@@ -146,6 +151,8 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
protected void configure(HttpSecurity http) throws Exception {
http.headers().cacheControl().disable().frameOptions().disable()
.and()
+ .cors()
+ .and()
.csrf().disable()
.exceptionHandling()
.and()
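Review bot: The added `.cors()` call does not say where its policy comes from, which matters because `csrf()` and `frameOptions()` are disabled in the same chain. Spring Security resolves it through the bean named `corsFilter`, so a comment would make the dependency visible, for example `// CORS policy: CorsFilter bean "corsFilter" below, driven by spring.mvc.cors.mappings`. The `configure` body continues outside this hunk.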
@@ -172,4 +179,17 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
.addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildWsJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
}
+
+
+ @Bean
+ @ConditionalOnMissingBean(CorsFilter.class)
+ public CorsFilter corsFilter(@Autowired MvcCorsProperties mvcCorsProperties) {
+ if (mvcCorsProperties.getMappings().size() == 0) {
+ return new CorsFilter(new UrlBasedCorsConfigurationSource());
+ } else {
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.setCorsConfigurations(mvcCorsProperties.getMappings());
+ return new CorsFilter(source);
+ }
+ }
}
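Review bot: The two branches of `corsFilter` do the same thing, since setting an empty map on a fresh `UrlBasedCorsConfigurationSource` leaves it empty. The method can be reduced to `UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();`, `source.setCorsConfigurations(mvcCorsProperties.getMappings());` and `return new CorsFilter(source);`. The `@Autowired` on the parameter is redundant for a `@Bean` method. A short Javadoc should state that with no mappings configured the filter is still registered but carries no CORS policy, so the effective behaviour for cross-origin requests is explicit to whoever edits the YAML.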
diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index 778406a..e64e9cd 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -188,3 +188,25 @@ cache:
updates:
# Enable/disable updates checking.
enabled: "${UPDATES_ENABLED:true}"
+
+ # spring CORS configuration
+spring.mvc.cors:
+ mappings:
+ # Intercept path
+ "/api/auth/**":
+ #Comma-separated list of origins to allow. '*' allows all origins. When not set,CORS support is disabled.
+ allowed-origins: "*"
+ #Comma-separated list of methods to allow. '*' allows all methods.
+ allowed-methods: "POST,GET,OPTIONS"
+ #Comma-separated list of headers to allow in a request. '*' allows all headers.
+ allowed-headers: "*"
+ #How long, in seconds, the response from a pre-flight request can be cached by clients.
+ max-age: "1800"
+ #Set whether credentials are supported. When not set, credentials are not supported.
+ allow-credentials: "true"
+ "/api/v1/**":
+ allowed-origins: "*"
+ allowed-methods: "*"
+ allowed-headers: "*"
+ max-age: "1800"
+ allow-credentials: "true"
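Review bot: The shipped defaults pair `allowed-origins: "*"` with `allow-credentials: "true"` on both `/api/auth/**` and `/api/v1/**`, so any origin may make credentialed cross-origin calls to the login and API endpoints out of the box. Depending on the Spring version in use, that pairing is either served by echoing the caller's Origin or rejected as invalid configuration, so it is worth confirming which applies here. A safer default is `allow-credentials: "false"` while the origin is a wildcard, or an explicit origin list. The values could also be exposed through environment placeholders, the way `enabled: "${UPDATES_ENABLED:true}"` above is. The comment saying CORS is disabled when origins are not set should also state that this file enables it for all origins by default.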