View Javadoc
1   /*
2    * Copyright 2016 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *       http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.openehealth.ipf.boot.fhir;
18  
19  import org.springframework.beans.factory.annotation.Autowired;
20  import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
21  import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
22  import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
23  import org.springframework.boot.context.properties.ConfigurationProperties;
24  import org.springframework.boot.context.properties.EnableConfigurationProperties;
25  import org.springframework.boot.web.servlet.FilterRegistrationBean;
26  import org.springframework.context.annotation.Bean;
27  import org.springframework.context.annotation.Configuration;
28  import org.springframework.web.cors.CorsConfiguration;
29  import org.springframework.web.filter.CorsFilter;
30  
31  import java.util.Arrays;
32  
33  
34  @Configuration
35  @EnableConfigurationProperties(IpfFhirConfigurationProperties.class)
36  @ConditionalOnWebApplication
37  @ConditionalOnProperty(prefix = "ipf.fhir.cors", name = "enabled", havingValue = "true", matchIfMissing = true)
38  public class CorsAutoConfiguration {
39  
40      @Autowired
41      private IpfFhirConfigurationProperties config;
42  
43      @Bean
44      @ConditionalOnMissingBean(CorsConfiguration.class)
45      @ConfigurationProperties(prefix = "ipf.fhir.cors")
46      public CorsConfiguration corsConfiguration() {
47          CorsConfiguration config = new CorsConfiguration();
48  
49          // A comma separated list of allowed origins. Note: An '*' cannot be used for an allowed origin when using credentials.
50          config.addAllowedOrigin("*");
51          config.setAllowedMethods(Arrays.asList("GET","POST","PUT","DELETE","OPTIONS"));
52          // A comma separated list of allowed headers when making a non simple CORS request.
53          config.setAllowedHeaders(Arrays.asList("X-FHIR-Starter", "Origin", "Accept", "X-Requested-With", "Content-Type", "Access-Control-Request-Method", "Access-Control-Request-Headers", "Authorization"));
54          config.setExposedHeaders(Arrays.asList("Location", "Content-Location"));
55          config.setMaxAge(300L);
56          return config;
57      }
58  
59      @Bean
60      @ConditionalOnMissingBean(name = "corsFilterRegistration")
61      public FilterRegistrationBean corsFilterRegistration(CorsConfiguration corsConfiguration) {
62          FilterRegistrationBean frb = new FilterRegistrationBean();
63          frb.addUrlPatterns(config.getFhirMapping());
64          frb.setFilter(new CorsFilter(request -> corsConfiguration));
65          return frb;
66      }
67  
68  }