JanVDL1975 / leadgen-api

LeadGen is the next-generation lead generation system. This is the repository for the REST API.
MIT License

Task: Add Spring security #3

Open JanVDL1975 opened 11 months ago

JanVDL1975 commented 11 months ago

Add Spring Security - configurations at endpoint level, possibly custom filters, CORS and CSRF.

JanVDL1975 commented 11 months ago

CORS, or Cross-Origin Resource Sharing, is a security feature implemented by web browsers to control which web pages are allowed to access resources on a different domain. If your Spring Boot application is serving resources that are being requested by a web page from a different domain, you might encounter CORS issues.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig {

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                // Apply the CORS policy to every endpoint.
                registry.addMapping("/**")
                        // Only this origin may read responses cross-origin.
                        .allowedOrigins("http://your-allowed-origin.com")
                        .allowedMethods("GET", "POST", "PUT", "DELETE")
                        // Cookies and Authorization headers are allowed, so the
                        // origin must be listed explicitly (no "*" wildcard).
                        .allowCredentials(true);
            }
        };
    }
}
```

JanVDL1975 commented 11 months ago

`@Bean SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception`

Add filters for security.

JanVDL1975 commented 11 months ago

CSRF, or Cross-Site Request Forgery, is a type of attack where an attacker tricks a user's browser into making an unintended request. To protect against CSRF attacks in a Spring Boot application, you can use CSRF tokens.
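
One way the pieces in this thread (endpoint-level rules, CORS and CSRF) can be combined in a single `SecurityFilterChain`, as an added example that is not code from the leadgen-api repository. It assumes Spring Security 6.x with Spring MVC on the classpath; the request paths, role names and the use of HTTP Basic are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example: assumes Spring Security 6.x (Spring Boot 3.x).
// Paths and role names below are hypothetical, not taken from the project.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http
            // Handle CORS inside the security chain so preflight OPTIONS requests
            // are answered before authentication. With Spring MVC present and no
            // CorsConfigurationSource bean, this reuses the mappings registered
            // through WebMvcConfigurer.addCorsMappings.
            .cors(Customizer.withDefaults())
            // CSRF protection is enabled by default; it is stated explicitly so it
            // is not switched off by accident. POST, PUT and DELETE requests
            // without a valid token are rejected with 403.
            .csrf(Customizer.withDefaults())
            // Endpoint-level rules are evaluated in order; the first match wins.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/actuator/health").permitAll()
                .requestMatchers(HttpMethod.GET, "/api/leads/**").hasAnyRole("USER", "ADMIN")
                .requestMatchers(HttpMethod.DELETE, "/api/leads/**").hasRole("ADMIN")
                .requestMatchers("/api/**").authenticated()
                // Anything not listed above is denied rather than left open.
                .anyRequest().denyAll())
            // Authentication mechanism assumed for this example.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Custom filters, if needed, can be registered on the same `HttpSecurity` object with `addFilterBefore` or `addFilterAfter` before `http.build()` is called.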