fix cors configuration

bogdan-sava · planetf1 · commit 03e0331da1e8 · 2023-03-28T18:19:37.000+01:00
Signed-off-by: Bogdan Sava &lt;bogdan.sava@gmail.com&gt;
Signed-off-by: Nigel Jones &lt;nigel.l.jones+git@gmail.com&gt;
diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/RoleService.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/RoleService.java
@@ -4,11 +4,13 @@
 
 import org.odpi.openmetadata.userinterface.uichassis.springboot.service.ComponentService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import java.util.Collection;
 import java.util.Set;
 import java.util.stream.Collectors;
 
+@Service
 public class RoleService {
 
     @Autowired
diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java
@@ -83,7 +83,10 @@ public WebMvcConfigurer corsConfigurer() {
         return new WebMvcConfigurer() {
             @Override
             public void addCorsMappings( CorsRegistry registry ) {
-                registry.addMapping("/**").allowedOrigins(allowedOrigins.toArray(new String[]{}));
+                registry.addMapping("/**")
+                        .allowedOrigins(allowedOrigins.toArray(new String[]{}))
+                        .allowedMethods("GET","POST","PUT","DELETE")
+                        .allowedHeaders("Authorization","Content-type");
             }
         };
     }
diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/service/TokenService.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/service/TokenService.java
@@ -2,18 +2,24 @@
 /* Copyright Contributors to the ODPi Egeria project. */
 package org.odpi.openmetadata.userinterface.uichassis.springboot.auth.service;
 
+import org.odpi.openmetadata.userinterface.uichassis.springboot.auth.RoleService;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.*;
 import org.springframework.stereotype.Service;
 
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
+import java.util.Collection;
+import java.util.List;
 import java.util.stream.Collectors;
 
 @Service
 public class TokenService {
 
+    @Autowired
+    RoleService roleService;
     private final JwtEncoder encoder;
 
     public TokenService(JwtEncoder encoder) {
@@ -22,14 +28,16 @@ public TokenService(JwtEncoder encoder) {
 
     public String generateToken(Authentication authentication) {
         Instant now = Instant.now();
-        String scope = authentication.getAuthorities().stream()
+        List<String> authotities = authentication.getAuthorities().stream()
                 .map(GrantedAuthority::getAuthority)
-                .collect(Collectors.joining(" "));
+                .collect(Collectors.toList());
+        Collection<String> scope = roleService.extractUserAppRoles(authotities);
         JwtClaimsSet claims = JwtClaimsSet.builder()
                 .issuer("self")
                 .issuedAt(now)
                 .expiresAt(now.plus(1, ChronoUnit.HOURS))
                 .subject(authentication.getName())
+                .claim("visibleComponents", roleService.getVisibleComponents(scope))
                 .claim("scope", scope)
                 .build();
         return this.encoder.encode(JwtEncoderParameters.from(claims)).getTokenValue();
diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/resources/application.properties b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/resources/application.properties
@@ -87,7 +87,7 @@ authentication.mode=token
 # Below is the default configuration for the two COCO_PHARMA roles we use for demo:
 
 role.visibleComponents.COCO_PHARMA_USER=about,asset-catalog,asset-details,asset-details-print,asset-lineage,asset-lineage-print,end-to-end,ultimate-source,ultimate-destination,vertical-lineage,glossary,repository-explorer
-role.visibleComponents.COCO_PHARMA_ADMIN=about,type-explorer
+role.visibleComponents.COCO_PHARMA_ADMIN=*
 
 # omas server connection details
 omas.server.name=cocoMDS1

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,10 @@ public WebMvcConfigurer corsConfigurer() {`
`83`	`83`	`return new WebMvcConfigurer() {`
`84`	`84`	`@Override`
`85`	`85`	`public void addCorsMappings( CorsRegistry registry ) {`
`86`		`- registry.addMapping("/**").allowedOrigins(allowedOrigins.toArray(new String[]{}));`
	`86`	`+ registry.addMapping("/**")`
	`87`	`+ .allowedOrigins(allowedOrigins.toArray(new String[]{}))`
	`88`	`+ .allowedMethods("GET","POST","PUT","DELETE")`
	`89`	`+ .allowedHeaders("Authorization","Content-type");`
`87`	`90`	`}`
`88`	`91`	`};`
`89`	`92`	`}`