Skip to content

Commit

Permalink
NIFI-5595 - Added the CORS filter to the templates/upload endpoint us…
Browse files Browse the repository at this point in the history
…ing a URL matcher.

Explicitly allow methods GET, HEAD. These are the Spring defaults when the allowedMethods is empty but now it is explicit. This will require other methods like POST etc to be from the same origin (for the template/upload URL).

This closes apache#3024.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
  • Loading branch information
thenatog authored and Ed B committed Oct 15, 2018
1 parent a5b24f1 commit b2c6010
Showing 1 changed file with 16 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,11 @@
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;

/**
* NiFi Web Api Spring security
Expand Down Expand Up @@ -89,6 +94,7 @@ public void configure(WebSecurity webSecurity) throws Exception {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors().and()
.rememberMe().disable()
.authorizeRequests()
.anyRequest().fullyAuthenticated()
Expand All @@ -112,6 +118,16 @@ protected void configure(HttpSecurity http) throws Exception {
http.anonymous().authenticationFilter(anonymousFilterBean());
}


@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/process-groups/*/templates/upload", configuration);
return source;
}

@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
Expand Down

0 comments on commit b2c6010

Please sign in to comment.