

Merge pull request #9 from kbss-cvut/fix-parsing-origin-from-app-context
Fix parsing of AllowedOrigins from appContext variable
blcham authored Nov 19, 2023
2 parents 18ba3f2 + 144b60b commit 6dffc73
Showing 10 changed files with 61 additions and 42 deletions.
35 changes: 27 additions & 8 deletions src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
@@ -1,9 +1,12 @@
package cz.cvut.kbss.study.config;

import cz.cvut.kbss.study.exception.RecordManagerException;
import cz.cvut.kbss.study.security.CsrfHeaderFilter;
import cz.cvut.kbss.study.security.SecurityConstants;
import cz.cvut.kbss.study.service.ConfigReader;
import cz.cvut.kbss.study.util.ConfigParam;
import java.net.MalformedURLException;
import java.net.URL;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
Expand Down Expand Up @@ -94,23 +97,39 @@ CorsConfigurationSource corsConfigurationSource(ConfigReader config) {
}

static CorsConfigurationSource createCorsConfiguration(ConfigReader configReader) {
// allowCredentials requires allowed origins to be configured (* is not supported)
final CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
corsConfiguration.setAllowedMethods(Collections.singletonList("*"));
if (!configReader.getConfig(ConfigParam.APP_CONTEXT, "").isBlank()) {
String appUrl = configReader.getConfig(ConfigParam.APP_CONTEXT);
appUrl = appUrl.substring(0, appUrl.lastIndexOf('/'));
corsConfiguration.setAllowedOrigins(List.of(appUrl));
} else {
corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
URL appUrl = getApplicationContext(configReader);
if (appUrl != null) {
corsConfiguration.setAllowedOrigins(List.of(parseOrigin(appUrl)));
corsConfiguration.setAllowCredentials(true);
}
corsConfiguration.addExposedHeader(HttpHeaders.AUTHORIZATION);
corsConfiguration.addExposedHeader(HttpHeaders.LOCATION);
corsConfiguration.addExposedHeader(HttpHeaders.CONTENT_DISPOSITION);
corsConfiguration.setAllowCredentials(true);

final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfiguration);
return source;
}

private static URL getApplicationContext(ConfigReader configReader) {
String appUrl = configReader.getConfig(ConfigParam.APP_CONTEXT);

if (appUrl.isBlank()) {
return null;
}
try {
return new URL(appUrl);
} catch (MalformedURLException e) {
throw new RecordManagerException(
"Invalid configuration parameter " + ConfigParam.APP_CONTEXT + ".",
e);
}
}

private static String parseOrigin(URL url) {
return url.getProtocol() + "://" + url.getHost()
+ (url.getPort() != -1 ? ":" + url.getPort() : "");
}
}
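Review bot: `getApplicationContext` reads the parameter with `configReader.getConfig(ConfigParam.APP_CONTEXT)` and drops the empty-string default the removed code passed via `getConfig(ConfigParam.APP_CONTEXT, "")`; if `getConfig` returns null for an unset parameter, as the old default suggests it can, `appUrl.isBlank()` throws a NullPointerException at startup instead of falling back to the non-credentialed default, so I would restore `String appUrl = configReader.getConfig(ConfigParam.APP_CONTEXT, "");`. Separately, `parseOrigin` keeps an explicitly written default port, so an `APP_CONTEXT` of `https://example.org:443/app` yields the allowed origin `https://example.org:443`, which browsers never send in the `Origin` header (default ports are omitted), and every credentialed cross-origin request from that deployment would then be rejected; guard it with `(url.getPort() != -1 && url.getPort() != url.getDefaultPort() ? ":" + url.getPort() : "")`. When `APP_CONTEXT` is blank the configuration now presumably falls through to the permissive defaults of `applyPermitDefaultValues()` with `allowCredentials` left unset, which is the safe choice but silently disables credentialed cross-origin access, so a log line in that branch would make the deployment mode visible. `createCorsConfiguration` and both helpers are fully inside the hunk; the enclosing class is not.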
@@ -1,6 +1,6 @@
package cz.cvut.kbss.study.exception;

public class EntityExistsException extends FormManagerException {
public class EntityExistsException extends RecordManagerException {

public EntityExistsException(String message) {
super(message);

This file was deleted.

@@ -1,6 +1,6 @@
package cz.cvut.kbss.study.exception;

public class NotFoundException extends FormManagerException {
public class NotFoundException extends RecordManagerException {

public NotFoundException(String message) {
super(message);
Expand Up @@ -3,7 +3,7 @@
/**
* General exception marking an error in the persistence layer.
*/
public class PersistenceException extends FormManagerException {
public class PersistenceException extends RecordManagerException {

public PersistenceException(String message) {
super(message);
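--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/study/exception/RecordManagerException.java
@@ -0,0 +1,24 @@
+package cz.cvut.kbss.study.exception;
+
+/**
+* Application-specific exception.
+* <p>
+* All exceptions related to the application should be subclasses of this one.
+*/
+public class RecordManagerException extends RuntimeException {
+
+protected RecordManagerException() {
+}
+
+public RecordManagerException(String message) {
+super(message);
+}
+
+public RecordManagerException(String message, Throwable cause) {
+super(message, cause);
+}
+
+public RecordManagerException(Throwable cause) {
+super(cause);
+}
+}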
Expand Up @@ -3,7 +3,7 @@
/**
* High-level exception marking a validated object invalid.
*/
public class ValidationException extends FormManagerException {
public class ValidationException extends RecordManagerException {

private final String messageId;

Expand Up @@ -3,7 +3,7 @@
/**
* Exception thrown when access to other application's web services fails.
*/
public class WebServiceIntegrationException extends FormManagerException {
public class WebServiceIntegrationException extends RecordManagerException {

public WebServiceIntegrationException(String message) {
super(message);
@@ -1,7 +1,7 @@
package cz.cvut.kbss.study.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import cz.cvut.kbss.study.exception.FormManagerException;
import cz.cvut.kbss.study.exception.RecordManagerException;
import cz.cvut.kbss.study.security.model.LoginStatus;
import cz.cvut.kbss.study.service.ConfigReader;
import cz.cvut.kbss.study.util.ConfigParam;
Expand Down Expand Up @@ -99,7 +99,7 @@ private void addSameSiteCookieAttribute(HttpServletResponse response) {

SameSiteValue sameSiteValue = SameSiteValue.getValue(configValue)
.orElseThrow(
() -> new FormManagerException(
() -> new RecordManagerException(
"Could not recognize " + ConfigParam.SECURITY_SAME_SITE + " parameter value '"
+ configValue + "', as it is not one of the values "
+ Arrays.toString(SameSiteValue.values()) + "."
6 changes: 3 additions & 3 deletions src/main/java/cz/cvut/kbss/study/util/Utils.java
@@ -1,6 +1,6 @@
package cz.cvut.kbss.study.util;

import cz.cvut.kbss.study.exception.FormManagerException;
import cz.cvut.kbss.study.exception.RecordManagerException;

import java.io.*;
import java.net.URI;
Expand All @@ -22,14 +22,14 @@ public static String loadQuery(String queryFileName) {
final InputStream is = Utils.class.getClassLoader().getResourceAsStream(
Constants.QUERY_DIRECTORY + File.separator + queryFileName);
if (is == null) {
throw new FormManagerException(
throw new RecordManagerException(
"Initialization exception. Query file not found in " + Constants.QUERY_DIRECTORY +
File.separator + queryFileName);
}
try (final BufferedReader in = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))) {
return in.lines().collect(Collectors.joining("\n"));
} catch (IOException e) {
throw new FormManagerException("Initialization exception. Unable to load query!", e);
throw new RecordManagerException("Initialization exception. Unable to load query!", e);
}
}

