'How to wire a custom WebSecurityConfigurerAdapter in Grails 5

We need to customize the WebSecurityConfigurerAdapter to allow CORS headers on authentication. I created the custom security config:

package priz.api.security

import groovy.transform.CompileStatic
import org.springframework.boot.autoconfigure.security.SecurityProperties
import org.springframework.context.annotation.Configuration
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.CorsConfigurationSource

import javax.servlet.http.HttpServletRequest

@CompileStatic
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@Order(SecurityProperties.IGNORED_ORDER)
class SecurityConfig extends WebSecurityConfigurerAdapter {

    public void configure(final HttpSecurity http) throws Exception {
        http
                .cors().configurationSource(new PermissiveCorsConfigurationSource()).and()
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("**").permitAll();
    }

    private static class PermissiveCorsConfigurationSource implements CorsConfigurationSource {
        /**
         * Return a {@link CorsConfiguration} based on the incoming request.
         *
         * @param request
         * @return the associated {@link CorsConfiguration}, or {@code null} if none
         */
        @Override
        public CorsConfiguration getCorsConfiguration(final HttpServletRequest request) {
            final CorsConfiguration configuration = new CorsConfiguration();
            configuration.setAllowCredentials(true);
            configuration.setAllowedHeaders(Collections.singletonList("*"));
            configuration.setAllowedMethods(Collections.singletonList("*"));
            configuration.setAllowedOrigins(Collections.singletonList("*"));
            return configuration;
        }
    }
}

But it seems that it is not getting used. Do I need to wire it somehow got Grails to use it?

spring-bootgrailsspring-security


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to return 404 for pages that do not exist when using Grails Spring Security Plugin

Posting a File and Associated Data to a RESTful WebService preferably as JSON

Calling Hibernate in background threads in grails

How to change grails localhost port?

Trouble getting Conditional CSS with Media Query and Grails

Why can't Groovy find this program even though it's on my PATH?

Bug in Grails / Spring Security when using user groups and roles - can't authenticate

How to catch exceptions in grails REST controllers

Why does the @Override annotation not work when building a Grails project?

Use read-only DB replica for read-only GORM methods and criteria

GRAILS, ANGULAR, GRADLE --- Execution failed for task ':npmInstall'. --- npm finished with non-zero exit value 1

Remove old log4j dependency from Grails

Wrong records are being showed with the Fields Plugin

How to get Grails Gorm autocomplete in regular Spring Data JPA

Micronaut declarative http-client not injected in Grails 5.1.6 controllers / services