From 5f505ccb7f1f1853f8ccdb1f0c117ab4f4d6c9a3 Mon Sep 17 00:00:00 2001
From: Felix Reichenbach <felix.reichenbach@mgm-tp.com>
Date: Thu, 9 Jan 2025 12:14:44 +0100
Subject: [PATCH] OZG-6741 enable cross origin for search organisationsEinheit
 endpoint

---
 .../main/java/de/ozgcloud/alfa/SecurityConfiguration.java | 8 +++++---
 .../collaboration/OrganisationsEinheitController.java     | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java b/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java
index 6b087870a0..c0036e2317 100644
--- a/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java
@@ -29,6 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -74,9 +75,10 @@ public class SecurityConfiguration {
 				.requestMatchers("/*").permitAll()
 				.anyRequest().denyAll());
 
-		http.oauth2ResourceServer(this::setOAuth2ResourceServer);
-		http.headers(headers -> headers.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN)));
-		http.addFilterBefore(downloadTokenFilter, UsernamePasswordAuthenticationFilter.class);
+		http.oauth2ResourceServer(this::setOAuth2ResourceServer)
+				.headers(headers -> headers.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN)))
+				.addFilterBefore(downloadTokenFilter, UsernamePasswordAuthenticationFilter.class)
+				.cors(Customizer.withDefaults());
 
 		return http.build();
 	}
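Review bot: `.cors(Customizer.withDefaults())` states no policy at the call site. Spring Security takes the policy from a `CorsConfigurationSource` bean if the context defines one, and otherwise falls back to the Spring MVC handler mappings, which is presumably how the `@CrossOrigin` on `OrganisationsEinheitController.search` takes effect. A comment above the call would make that dependency visible, for example `// CORS policy is declared per handler via @CrossOrigin; a CorsConfigurationSource bean would take precedence in this filter chain`. Without it, a global CORS bean added later would change which origins can reach this chain, with no hint of that here. The method starts outside the hunk, so whether such a bean already exists cannot be checked from this patch.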
diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/OrganisationsEinheitController.java b/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/OrganisationsEinheitController.java
index 388dbd757b..7d76a396f3 100644
--- a/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/OrganisationsEinheitController.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/OrganisationsEinheitController.java
@@ -28,6 +28,7 @@ import java.util.Optional;
 import org.springframework.hateoas.CollectionModel;
 import org.springframework.hateoas.EntityModel;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -53,6 +54,7 @@ class OrganisationsEinheitController {
 		return ResponseEntity.of(Optional.of(service.getById(organisationsEinheitId)).map(assembler::toModel));
 	}
 
+	@CrossOrigin(originPatterns = "https://*.ozg-cloud.de")
 	@GetMapping(params = { SEARCH_BY_PARAM })
 	public CollectionModel<EntityModel<OrganisationsEinheitHeader>> search(@RequestParam String searchBy) {
 		return headerModelAssembler.toCollectionModel(service.searchOrganisationsEinheiten(searchBy).toList());
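Review bot: The `originPatterns = "https://*.ozg-cloud.de"` value on `search` trusts every host under that domain, so the endpoint's cross-origin exposure is only as tight as the least controlled subdomain. The value is also compiled into the annotation, so it cannot differ between environments. Consider listing the specific front-end origins that need this endpoint and reading them from configuration, e.g. `@CrossOrigin(originPatterns = "${<cors-origin-property>}")` (placeholder name; confirm that the Spring version in use resolves placeholders for `originPatterns`). The patch also has no test that a non-matching `Origin` is rejected and a matching one gets the `Access-Control-Allow-Origin` header. The method's closing brace lies outside the hunk.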
-- 
GitLab