OZG-6741 enable cross origin for search organisationsEinheit endpoint

5f505ccb · Felix Reichenbach · 57927da2 · 5f505ccb · 5f505ccb
Commit 5f505ccb authored 3 months ago by Felix Reichenbach
--- a/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java
@@ -29,6 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -74,9 +75,10 @@ public class SecurityConfiguration {
 				.requestMatchers("/*").permitAll()
 				.anyRequest().denyAll());

-		http.oauth2ResourceServer(this::setOAuth2ResourceServer);
-		http.headers(headers -> headers.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN)));
-		http.addFilterBefore(downloadTokenFilter, UsernamePasswordAuthenticationFilter.class);
+		http.oauth2ResourceServer(this::setOAuth2ResourceServer)
+				.headers(headers -> headers.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN)))
+				.addFilterBefore(downloadTokenFilter, UsernamePasswordAuthenticationFilter.class)
+				.cors(Customizer.withDefaults());

 		return http.build();
 	}

--- a/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/OrganisationsEinheitController.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/OrganisationsEinheitController.java
@@ -28,6 +28,7 @@ import java.util.Optional;
 import org.springframework.hateoas.CollectionModel;
 import org.springframework.hateoas.EntityModel;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -53,6 +54,7 @@ class OrganisationsEinheitController {
 		return ResponseEntity.of(Optional.of(service.getById(organisationsEinheitId)).map(assembler::toModel));
 	}

+	@CrossOrigin(originPatterns = "https://*.ozg-cloud.de")
 	@GetMapping(params = { SEARCH_BY_PARAM })
 	public CollectionModel<EntityModel<OrganisationsEinheitHeader>> search(@RequestParam String searchBy) {
 		return headerModelAssembler.toCollectionModel(service.searchOrganisationsEinheiten(searchBy).toList());