feat: move CORS configuration to Spring Security

chore: remove active Spring profile from Dockerfile
fix: correct Docker Compose network configuration
2025-09-20 11:22:48 +02:00 · 2025-09-20 10:48:46 +02:00 · 2025-09-20 10:30:19 +02:00
5 changed files with 65 additions and 16 deletions
--- a/2
+++ b/2
@@ -13,4 +13,4 @@ FROM openjdk:21-jdk
 WORKDIR /app
 COPY --from=build /app/bootstrap/target/*.jar app.jar
 EXPOSE 8080
-ENTRYPOINT ["java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005", "-Xmx512m", "-Xms256m", "-jar", "app.jar","--spring.profiles.active=prod"]
+ENTRYPOINT ["java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005", "-Xmx512m", "-Xms256m", "-jar", "app.jar"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,8 +9,7 @@ services:
    ports:
      - "5432:5432"
    networks:
-      common_network:
-        ipv4_address: 10.1.0.121
+      network:
    volumes:
      - db_data:/var/lib/postgresql/data

@@ -20,16 +19,20 @@ services:
    ports:
      - "8095:8080"
    networks:
-      common_network:
-        ipv4_address: 10.1.0.121
+      network:
    environment:
      DB_NAME: ${DB_NAME}
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
+      APP_ALLOWED_ORIGINS: ${APP_ALLOWED_ORIGINS}
    depends_on:
      - db

 volumes:
-  db_data:
+  db_data:
+
+networks:
+  network:
+    driver: bridge
--- a/infrastructure/pom.xml
+++ b/infrastructure/pom.xml
@@ -33,6 +33,11 @@
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>

+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
        <!-- MapStruct -->
        <dependency>
            <groupId>org.mapstruct</groupId>
--- a/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/CorsConfig.java
+++ b/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/CorsConfig.java
@@ -1,24 +1,34 @@
 package com.pablotj.portfolio.infrastructure.config;

+import java.util.Arrays;
+import java.util.List;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
-public class CorsConfig implements WebMvcConfigurer {
+public class CorsConfig {

    @Value("${app.cors.allowed-origins}")
    private String allowedOriginsString;

-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();

-        String [] allowedOrigins = allowedOriginsString.split(",");
+        List<String> allowedOrigins = Arrays.asList(allowedOriginsString.split(","));
+        config.setAllowedOriginPatterns(allowedOrigins);

-        registry.addMapping("/**")
-                .allowedOrigins(allowedOrigins)
-                .allowedMethods("GET", "POST", "PUT", "DELETE")
-                .allowedHeaders("*");
+        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+        config.setAllowedHeaders(List.of("*"));
+        config.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+
+        return source;
    }
 }
--- a/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/SecurityConfig.java
+++ b/infrastructure/src/main/java/com/pablotj/portfolio/infrastructure/config/SecurityConfig.java
@@ -0,0 +1,31 @@
+package com.pablotj.portfolio.infrastructure.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfigurationSource;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    private final CorsConfigurationSource corsConfigurationSource;
+
+    public SecurityConfig(CorsConfigurationSource corsConfigurationSource) {
+        this.corsConfigurationSource = corsConfigurationSource;
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(AbstractHttpConfigurer::disable)
+                .cors(cors -> cors.configurationSource(corsConfigurationSource))
+                .authorizeHttpRequests(auth -> auth
+                        .anyRequest().permitAll()
+                );
+        return http.build();
+    }
+}
Author	SHA1	Message	Date
Pablo de la Torre Jamardo	5a26b299f2	feat: move CORS configuration to Spring Security	2025-09-20 11:22:48 +02:00
Pablo de la Torre Jamardo	6b3585da5e	chore: remove active Spring profile from Dockerfile	2025-09-20 10:48:46 +02:00
Pablo de la Torre Jamardo	e7b6712ad3	fix: correct Docker Compose network configuration	2025-09-20 10:30:19 +02:00