While trying to call API from swagger with the addition of Aad OAuth SecurityConfig, which I use since all api get access based on the app role set in the enterprise application using SSO.
@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
@EnableMethodSecurity
public class AadOAuth2LoginSecurityConfig {
/**
* Add configuration logic as needed.
*/
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.cors(cors -> cors.disable()).csrf(csrf -> csrf.disable()).apply(AadWebApplicationHttpSecurityConfigurer.aadWebApplication()).and().authorizeHttpRequests().requestMatchers("swagger-ui/**").permitAll().requestMatchers("/swagger-ui/**").permitAll().requestMatchers("api-docs/**").permitAll().requestMatchers("/api-docs/**").permitAll().requestMatchers("/api/v1/**").authenticated();
return http.build();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(List.of("*"));
configuration.setAllowedHeaders(Arrays.asList("Origin", "Authorization"));
configuration.setExposedHeaders(Arrays.asList("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials"));
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH", "OPTION"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
Versions used: Java -17 Springboot - 3.1.2
