fix cors in SecurityConfig, fixes in frontend app

datasafe-rest-impl/src/main/java/de/adorsys/datasafe/rest/impl/security/SecurityConfig.java

@@ -26,10 +26,13 @@
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import static de.adorsys.datasafe.rest.impl.security.SecurityConstants.TOKEN_HEADER;
+import static org.springframework.security.config.Customizer.withDefaults;
 
 @Configuration
 @EnableWebSecurity
@@ -44,7 +47,7 @@ public class SecurityConfig {
 
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc, AuthenticationManager authenticationManager) throws Exception {
- MvcRequestMatcher[] SWAGGER_RESOURCES = {
+ MvcRequestMatcher[] swaggerResources = {
  mvc.pattern("/v2/api-docs"),
  mvc.pattern("/configuration/ui"),
  mvc.pattern("/swagger-resources"),
@@ -54,11 +57,10 @@ public SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Buil
  mvc.pattern("/swagger-resources/configuration/ui"),
  mvc.pattern("/swagger-ui.html")
  };
-
- http.cors(AbstractHttpConfigurer::disable)
+ http.cors(withDefaults())
  .csrf(AbstractHttpConfigurer::disable)
  .authorizeHttpRequests(authz -> authz
- .requestMatchers(SWAGGER_RESOURCES).permitAll()
+ .requestMatchers(swaggerResources).permitAll()
  .requestMatchers(mvc.pattern("/static/**")).permitAll()
  .requestMatchers(mvc.pattern(SecurityConstants.AUTH_LOGIN_URL)).permitAll()
  .requestMatchers(mvc.pattern(HttpMethod.OPTIONS, "/**")).permitAll()
@@ -77,8 +79,8 @@ MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
  }
 
  @Bean
- public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
- UserDetails user = User.withDefaultPasswordEncoder()
+ public InMemoryUserDetailsManager userDetailsService(PasswordEncoder encoder) {
+ UserDetails user = User.builder().passwordEncoder(encoder::encode)
  .username(securityProperties.getDefaultUser())
  .password(securityProperties.getDefaultPassword())
  .authorities("ROLE_USER")
@@ -101,19 +103,15 @@ public PasswordEncoder passwordEncoder() {
  }
 
  @Bean
- public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+ configuration.setAllowedOrigins(List.of("http://localhost:4200"));
+ configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
+ configuration.setAllowedHeaders(List.of("*"));
+ configuration.setAllowCredentials(true);
+ configuration.addExposedHeader(TOKEN_HEADER);
  UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-
- CorsConfiguration authConfig = new CorsConfiguration().applyPermitDefaultValues();
- authConfig.addExposedHeader(TOKEN_HEADER);
- source.registerCorsConfiguration(SecurityConstants.AUTH_LOGIN_URL, authConfig);
-
- CorsConfiguration globalConfig = new CorsConfiguration().applyPermitDefaultValues();
- globalConfig.addAllowedMethod(HttpMethod.OPTIONS);
- globalConfig.addAllowedMethod(HttpMethod.PUT);
- globalConfig.addAllowedMethod(HttpMethod.DELETE);
- source.registerCorsConfiguration("/**", globalConfig);
-
+ source.registerCorsConfiguration("/**", configuration);
  return source;
  }
 

frontend/README.md

@@ -3,6 +3,8 @@
 Use `npm run-script ng:serve:web` for local development
 Use `npm run-script start` for electron development
 
+Use `ng serve -c dev` if you need to debug
+
 ### Notes
 - API url and credentials are provided by env.js file (API_URL, API_USERNAME, API_PASSWORD). 
 Credentials (API_USERNAME, API_PASSWORD) are intended for local use only. 

frontend/datasafe-ui/angular.json

@@ -40,7 +40,6 @@
  "optimization": true,
  "outputHashing": "all",
  "sourceMap": false,
- "extractCss": true,
  "namedChunks": false,
  "aot": true,
  "extractLicenses": true,
@@ -53,6 +52,17 @@
  "maximumError": "5mb"
  }
  ]
+ },
+ "dev": {
+ "fileReplacements": [
+ {
+ "replace": "src/environments/environment.ts",
+ "with": "src/environments/environment.dev.ts"
+ }
+ ],
+ "optimization": false,
+ "extractLicenses": false,
+ "sourceMap": true
  }
  }
  },
@@ -64,6 +74,9 @@
  "configurations": {
  "production": {
  "browserTarget": "my-app:build:production"
+ },
+ "dev": {
+ "browserTarget": "my-app:build:dev"
  }
  }
  },

frontend/datasafe-ui/package.json

@@ -4,7 +4,7 @@
  "description": "datasafe-ui with web and electron interface",
  "keywords": [
  "angular",
- "angular 8",
+ "angular 15",
  "electron",
  "typescript",
  "sass"
@@ -40,7 +40,6 @@
  "@angular/compiler": "15.2.9",
  "@angular/compiler-cli": "15.2.9",
  "@angular/core": "15.2.9",
-
  "@angular/forms": "15.2.9",
  "@angular/material": "15.2.9",
  "@angular/material-moment-adapter": "15.2.9",
@@ -53,7 +52,7 @@
  "@types/node": "20.8.0",
  "codelyzer": "6.0.2",
  "core-js": "3.33.0",
- "electron": "26.2.4",
+ "electron": "^26.2.4",
  "electron-builder": "24.7.0",
  "electron-reload": "1.5.0",
  "hammerjs": "2.0.8",
@@ -75,7 +74,7 @@
  "wait-on": "7.0.1",
  "web-animations-js": "2.3.2",
  "webdriver-manager": "13.0.2",
- "zone.js": "0.14.0"
+ "zone.js": "0.13.0"
  },
  "engines": {
  "node": ">=18.10.0"

frontend/datasafe-ui/src/app/app.component.ts

@@ -1,5 +1,5 @@
 import {Component, OnInit} from '@angular/core';
-import {ErrorStateMatcher} from "@angular/material";
+import {ErrorStateMatcher} from "@angular/material/core";
 import {FormControl, FormGroupDirective, NgForm} from "@angular/forms";
 
 export class Env {

frontend/datasafe-ui/src/app/component/filetree/filetree.component.ts

@@ -7,7 +7,7 @@ import {ApiService} from "../../service/api/api.service";
 import {CredentialsService} from "../../service/credentials/credentials.service";
 import {Router} from "@angular/router";
 import {ErrorMessageUtil} from "../../app.component";
-import {MAT_DIALOG_DATA, MatDialog, MatDialogRef} from "@angular/material";
+import {MAT_DIALOG_DATA, MatDialog, MatDialogRef} from "@angular/material/dialog";
 
 class UserFileSystem {
 
@@ -39,6 +39,7 @@ class UserFileSystem {
 
  var fullPath = "";
  var folder = "";
+ path = (path.startsWith('/')) ? path.substring(1) : path;
  path.split("/").forEach(segment => {
  fullPath += segment;
  fullPath += (fullPath === path ? "" : "/");
@@ -302,7 +303,7 @@ export class FiletreeComponent {
  this.error = '';
  this.removePathFromUiCreatedFolders(path);
  this.api.deleteDocument(path, this.creds.getCredentialsForApi())
- .then(res => this.loadTree())
+ .then(_ => this.loadTree())
  .catch(err => this.error = 'Delete failed: ' + ErrorMessageUtil.extract(err));
  }
 
@@ -316,7 +317,7 @@ export class FiletreeComponent {
  uploadFile(event) {
  this.error = '';
  this.api.uploadDocument(event.target.files[0], event.target.files[0].name, this.creds.getCredentialsForApi())
- .then(res => this.loadTree())
+ .then(_ => this.loadTree())
  .catch(err => {
  this.error = 'Upload failed: ' + ErrorMessageUtil.extract(err);
  });
@@ -328,7 +329,7 @@ export class FiletreeComponent {
  event.currentTarget.files[0],
  event.currentTarget.name + event.currentTarget.files[0].name,
  this.creds.getCredentialsForApi())
- .then(res => this.loadTree())
+ .then(_ => this.loadTree())
  .catch(err => {
  this.error = 'Upload failed: ' + ErrorMessageUtil.extract(err);
  });

frontend/datasafe-ui/src/app/component/login/login.component.ts

@@ -3,7 +3,7 @@ import {Router} from '@angular/router';
 import {FormBuilder, FormControl, Validators} from '@angular/forms';
 import {CredentialsService} from '../../service/credentials/credentials.service';
 import {Env, FieldErrorStateMatcher} from '../../app.component';
-import {MAT_DIALOG_DATA, MatDialog, MatDialogRef} from '@angular/material';
+import {MAT_DIALOG_DATA, MatDialog, MatDialogRef} from '@angular/material/dialog';
 
 export interface ApiConfigData {
  apiUrl: string;

frontend/datasafe-ui/src/app/polyfills.ts

@@ -1,5 +1,4 @@
-import 'core-js/es6/reflect';
-import 'core-js/es7/reflect';
+import 'core-js/features/reflect';
 import 'zone.js/dist/zone';
 import 'hammerjs';
 import 'web-animations-js';