fixed some CORS stuff, don't apply filter to public accessible pages …

src/main/java/runner/AppRunner.java

@@ -3,14 +3,16 @@
 import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @SpringBootApplication
 @EnableEncryptableProperties
 public class AppRunner {
 
     public static void main(String[] args) {
         SpringApplication.run(AppRunner.class, args);
-
     }
 }

src/main/java/runner/controllers/AccountController.java

@@ -30,7 +30,7 @@ public String testJWT() {
     }
 
     //get accounts for the authenticated user only, THIS is the homepage once user has logged in
-    @JsonView(Views.AllAccounts.class)
+    //@JsonView(Views.AllAccounts.class)
     @GetMapping
     public ResponseEntity<Set<Account>> readAllAccount() {
        String currentPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName();

src/main/java/runner/controllers/CustomerController.java

@@ -2,6 +2,7 @@
 import com.fasterxml.jackson.annotation.JsonView;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
@@ -20,15 +21,15 @@ public class CustomerController {
     @JsonView(Views.Profile.class)
     @GetMapping(value = "/myaccount/profile")
     public ResponseEntity<?> getCustomer() {
-        String currentPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName();
-        Customer customer =customerServices.readCustomerByLogin(currentPrincipalName);
+        String currentPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName(); //needs JWT token in header
+        Customer customer =customerServices.readCustomerByLogin(currentPrincipalName); //<< for testing on angular, need to change back to currentPrincipalName
           if( customer == null)
             return new ResponseEntity<>("Customer not found", HttpStatus.NOT_FOUND);
         else
             return new ResponseEntity<>(customer, HttpStatus.OK);
     }
 
-    @PostMapping(value = "/openaccount")
+    @PostMapping(value = "/openaccount",consumes = MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity<?> create(@RequestBody Customer customer) throws Exception {
         customer = customerServices.createCustomer(customer);
 
@@ -39,13 +40,13 @@ public ResponseEntity<?> create(@RequestBody Customer customer) throws Exception
             return new ResponseEntity<>("Login user name already exist", HttpStatus.CONFLICT);
     }
 
-    @PutMapping(value = "myaccount/profile/update")
+/*    @PutMapping(value = "myaccount/profile")
     public ResponseEntity<Customer> update(@RequestBody Customer customer) throws Exception {
         String currentPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName();
-        Customer customerReturned =customerServices.readCustomerByLogin(currentPrincipalName);
+        Customer customerReturned =customerServices.readCustomerByLogin(*//*currentPrincipalName*//* "user1");
         Long id = customerReturned.getId();
         return new ResponseEntity<>(customerServices.updateCustomer(id,customer), HttpStatus.OK);
-    }
+    }*/
 
     @JsonView(Views.PhoneNumber.class)
     @PutMapping(value = "myaccount/profile/phone")

src/main/java/runner/entities/Customer.java

@@ -16,18 +16,18 @@ public class Customer {
     @GeneratedValue(strategy = GenerationType.AUTO)
     private Long id;
 
-    @JsonView(Views.Profile.class)
+    //@JsonView(Views.Profile.class)
     @Column(nullable = false)
     private String firstName;
 
-    @JsonView(Views.Profile.class)
+    //@JsonView(Views.Profile.class)
     private String middleName;
 
-    @JsonView(Views.Profile.class)
+    //@JsonView(Views.Profile.class)
     @Column(nullable = false)
     private String lastName;
 
-    @JsonView(Views.Profile.class)
+    //@JsonView(Views.Profile.class)
     @Column(nullable = false)
     private LocalDate dateOfBirth;
 

src/main/java/runner/security/config/WebSecurityConfig.java

@@ -1,5 +1,8 @@
 package runner.security.config;
 
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.web.filter.CorsFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -23,13 +26,15 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AndRequestMatcher;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import runner.security.filters.JwtAuthorizationFilter;
 import runner.services.LoginServices;
 import runner.services.UserDetailServices;
 
-import java.util.ArrayList;
-import java.util.List;
-
 @Configuration
 @EnableWebSecurity //allows Spring to find and automatically apply the class to the global Web Security.
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@@ -62,15 +67,47 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     //allowing user to post to authenticate since spring security is placed on all request
     @Override
     protected void configure(HttpSecurity http) throws Exception {
+        http.cors();
         http
                 .csrf().disable()
-                .authorizeRequests().antMatchers("/authenticate","/","/openaccount").permitAll() //permit everybody for this endpoint
+                .authorizeRequests()//.antMatchers().permitAll() //permit everybody for this endpoint
                 .anyRequest().authenticated() //all other request requires authentication
                 .and().sessionManagement()
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS); //jwt is stateless, asking Spring to not create sessions for each request
         http.addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class); //asking Spring to use jwtAuthorizationFilter before UsernamePasswordAuthenticationFilter is called
     }
 
+    //Bypasses the jwtAuthorizationFilter for endpoints not required which i think is dictated by web.ignoring() line in configure(WebSecurity web) method
+    @Bean
+    public FilterRegistrationBean disableMyFilterBean() {
+        FilterRegistrationBean registration = new FilterRegistrationBean(jwtAuthorizationFilter);
+        registration.setEnabled(false);
+        return registration;
+    }
+
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/authenticate","/","/myaccount/profile","/openaccount");
+    }
+
+    @Bean
+    public WebMvcConfigurer corsConfigurer(){
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**")
+                        .allowedMethods("GET","POST","PUT","DELETE")
+                        .allowedHeaders("*")
+                        .allowedOrigins("http://localhost:4200"); //angular default port
+            }
+        };
+    }
+
+
+
+
+
+
     /*    @Override //creating own form for login
     protected void configure(HttpSecurity http) throws Exception{
         http

src/main/java/runner/security/filters/JwtAuthorizationFilter.java

@@ -7,6 +7,10 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.OncePerRequestFilter;
 import runner.entities.Login;
 import runner.security.utilities.JwtUtil;
@@ -57,6 +61,8 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl
                 SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
             }
         }
+
         filterChain.doFilter(httpServletRequest, httpServletResponse);
     }
+
 }