In my spring boot application I have the following controller

@RestController(value = "ProjectController")
@CrossOrigin(origins = {"${app.api.settings.cross-origin.urls}"})
public class ProjectController {
   // some request mapping methods
}

The property app.api.settings.cross-origin.urls is already a key having comma separated valid urls in application.properties file like

app.api.settings.cross-origin.urls=http://localhost:3000, http://localhost:7070

This approach works till I have only single value like

app.api.settings.cross-origin.urls=http://localhost:3000 but not for comma separated values. The origins field inside @CrossOrigin is of type String[] still it does not convert into String[] automatically. I mean there should be some way to achieve this provided by the framework. Not a work around. I can achieve using comma separated urls from properties files using @Value into a List<String> or String[] as a field inside a @Configuration class like below

@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

    @Value("${app.api.settings.cross-origin.urls}")
    private String[] consumerUiOrigins;

    @Override
    public void addCorsMappings(CorsRegistry registry) {
         registry
           .addMapping("/api/**")
           .allowedOrigins(consumerUiOrigins);
    }
}

But this would be a global configuration having application wide applicability. I want to stick to the more fine grained @CrossOrigin annoation based CORS configuration.

So I put my question clearly below.

Is it possible to inject comma separated value from properties file as String[] using property plcaholer expression (${*}) into spring annotation fields having the same type i.e. String[] ????? If yes then how??? If no then can we tweak some core framework classes to achieve this??? Anyone please help....

P.S. - Please do not mark my question as duplicate of Use Spring Properties in Java with CrossOrigin Annotation or in Spring-Config XML

My question is more on usage of property placholder expressions inside spring annotation fields having multi element type like String[] and less on the configuration of CORS in spring applications.

Try doing as below in application.properties:

app.api.settings.cross-origin.urls="http://localhost:3000","http://localhost:7070"

Although @CrossOrigin appears simple, it did not work for multiple comma separated domains.

This what worked for me in Spring Boot for multiple domains and multiple path configurations.

Reference - https://docs.spring.io/spring-security/site/docs/5.4.2/reference/html5/#cors

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${cross-origin-domains:https://example1.com,https://example2.com}")
    private List<String> crossOriginDomains;

    @Value("${cross-origin.paths:/path1/**,/path2/**}")
    private List<String> crossOriginPaths;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors(withDefaults())
        .
        //Any other configuration you need
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(this.crossOriginDomains);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        for (String api : this.crossOriginPaths) {
            source.registerCorsConfiguration(api, configuration);
        }
        return source;
    }

}

And in application.properties or in Consul, you can have these configs & values

ccc.cross-origin.domains=https://example1.com,https://example3.com
ccc.cross-origin.paths=/path1/**,/path2/**,/path3/**