Class CorsConfig
java.lang.Object
tech.lastbox.lastshield.security.core.CorsConfig
The
CorsConfig class is responsible for configuring Cross-Origin Resource Sharing (CORS) settings
for the application. It allows defining allowed origins, methods, headers, and whether credentials are allowed.
This configuration is used to control which domains can access resources in your application and how cross-origin requests are handled.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.config.Customizer<org.springframework.security.config.annotation.web.configurers.CorsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>> Configures CORS settings for HTTP security by returning aCustomizerthat customizes theCorsConfigurerfor HTTP security.voidsetAllowCredentials(Boolean allowCredentials) Sets whether credentials (cookies, HTTP authentication, etc.) are allowed in cross-origin requests.voidsetAllowedHeaders(String header) Sets the allowed headers for cross-origin requests.voidsetAllowedHeaders(List<String> allowedHeaders) Sets the allowed headers for cross-origin requests.voidsetAllowedMethods(String method) Sets the allowed HTTP methods for cross-origin requests.voidsetAllowedMethods(List<String> allowedMethods) Sets the allowed HTTP methods for cross-origin requests.voidsetAllowedOrigins(String origin) Sets the allowed origins for cross-origin requests.voidsetAllowedOrigins(List<String> allowedOrigins) Sets the allowed origins for cross-origin requests.
-
Constructor Details
-
CorsConfig
public CorsConfig()Default constructor for the CorsConfig class. This constructor is used to instantiate the CorsConfig class.
-
-
Method Details
-
configure
@Bean public org.springframework.security.config.Customizer<org.springframework.security.config.annotation.web.configurers.CorsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>> configure()Configures CORS settings for HTTP security by returning aCustomizerthat customizes theCorsConfigurerfor HTTP security. This method is invoked to apply CORS configurations, such as allowed origins, methods, headers, and credentials, to the HTTP security configuration.If the attributes
allowedOrigins,allowedMethods,allowedHeaders, orallowCredentialsare not set, default values will be applied, effectively allowing unrestricted CORS access.The returned
Customizeris used to configure theCorsConfigureras part of the security filter chain, enabling fine-grained control over cross-origin request handling in the application.- Returns:
- a
Customizerthat applies CORS settings to HTTP security.
-
setAllowedOrigins
Sets the allowed origins for cross-origin requests.- Parameters:
origin- a single allowed origin to be added to the list.
-
setAllowedOrigins
Sets the allowed origins for cross-origin requests.- Parameters:
allowedOrigins- a list of allowed origins for cross-origin requests.
-
setAllowedMethods
Sets the allowed HTTP methods for cross-origin requests.- Parameters:
method- a single allowed HTTP method (e.g., GET, POST) to be added to the list.
-
setAllowedMethods
Sets the allowed HTTP methods for cross-origin requests.- Parameters:
allowedMethods- a list of allowed HTTP methods (e.g., GET, POST, PUT, DELETE).
-
setAllowedHeaders
Sets the allowed headers for cross-origin requests.- Parameters:
header- a single allowed header to be added to the list.
-
setAllowedHeaders
Sets the allowed headers for cross-origin requests.- Parameters:
allowedHeaders- a list of allowed headers for cross-origin requests.
-
setAllowCredentials
Sets whether credentials (cookies, HTTP authentication, etc.) are allowed in cross-origin requests.- Parameters:
allowCredentials-trueto allow credentials,falseto disallow credentials.
-