Fix parsing of AllowedOrigins from appContext variable

src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java

@@ -1,9 +1,12 @@
 package cz.cvut.kbss.study.config;
 
+import cz.cvut.kbss.study.exception.RecordManagerException;
 import cz.cvut.kbss.study.security.CsrfHeaderFilter;
 import cz.cvut.kbss.study.security.SecurityConstants;
 import cz.cvut.kbss.study.service.ConfigReader;
 import cz.cvut.kbss.study.util.ConfigParam;
+import java.net.MalformedURLException;
+import java.net.URL;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -94,23 +97,39 @@ CorsConfigurationSource corsConfigurationSource(ConfigReader config) {
     }
 
     static CorsConfigurationSource createCorsConfiguration(ConfigReader configReader) {
-        // allowCredentials requires allowed origins to be configured (* is not supported)
         final CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
         corsConfiguration.setAllowedMethods(Collections.singletonList("*"));
-        if (!configReader.getConfig(ConfigParam.APP_CONTEXT, "").isBlank()) {
-            String appUrl = configReader.getConfig(ConfigParam.APP_CONTEXT);
-            appUrl = appUrl.substring(0, appUrl.lastIndexOf('/'));
-            corsConfiguration.setAllowedOrigins(List.of(appUrl));
-        } else {
-            corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
+        URL appUrl = getApplicationContext(configReader);
+        if (appUrl != null) {
+            corsConfiguration.setAllowedOrigins(List.of(parseOrigin(appUrl)));
+            corsConfiguration.setAllowCredentials(true);
         }
         corsConfiguration.addExposedHeader(HttpHeaders.AUTHORIZATION);
         corsConfiguration.addExposedHeader(HttpHeaders.LOCATION);
         corsConfiguration.addExposedHeader(HttpHeaders.CONTENT_DISPOSITION);
-        corsConfiguration.setAllowCredentials(true);
 
         final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", corsConfiguration);
         return source;
     }
+
+    private static URL getApplicationContext(ConfigReader configReader) {
+        String appUrl = configReader.getConfig(ConfigParam.APP_CONTEXT);
+
+        if (appUrl.isBlank()) {
+            return null;
+        }
+        try {
+            return new URL(appUrl);
+        } catch (MalformedURLException e) {
+            throw new RecordManagerException(
+                "Invalid configuration parameter " + ConfigParam.APP_CONTEXT + ".",
+                e);
+        }
+    }
+
+    private static String parseOrigin(URL url) {
+        return url.getProtocol() + "://" + url.getHost()
+            + (url.getPort() != -1 ? ":" + url.getPort() : "");
+    }
 }

src/main/java/cz/cvut/kbss/study/exception/EntityExistsException.java

@@ -1,6 +1,6 @@
 package cz.cvut.kbss.study.exception;
 
-public class EntityExistsException extends FormManagerException {
+public class EntityExistsException extends RecordManagerException {
 
     public EntityExistsException(String message) {
         super(message);

src/main/java/cz/cvut/kbss/study/exception/NotFoundException.java

@@ -1,6 +1,6 @@
 package cz.cvut.kbss.study.exception;
 
-public class NotFoundException extends FormManagerException {
+public class NotFoundException extends RecordManagerException {
 
     public NotFoundException(String message) {
         super(message);

src/main/java/cz/cvut/kbss/study/exception/PersistenceException.java

@@ -3,7 +3,7 @@
 /**
  * General exception marking an error in the persistence layer.
  */
-public class PersistenceException extends FormManagerException {
+public class PersistenceException extends RecordManagerException {
 
     public PersistenceException(String message) {
         super(message);

src/main/java/cz/cvut/kbss/study/exception/RecordManagerException.java

@@ -0,0 +1,24 @@
+package cz.cvut.kbss.study.exception;
+
+/**
+ * Application-specific exception.
+ * <p>
+ * All exceptions related to the application should be subclasses of this one.
+ */
+public class RecordManagerException extends RuntimeException {
+
+    protected RecordManagerException() {
+    }
+
+    public RecordManagerException(String message) {
+        super(message);
+    }
+
+    public RecordManagerException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public RecordManagerException(Throwable cause) {
+        super(cause);
+    }
+}

src/main/java/cz/cvut/kbss/study/exception/ValidationException.java

@@ -3,7 +3,7 @@
 /**
  * High-level exception marking a validated object invalid.
  */
-public class ValidationException extends FormManagerException {
+public class ValidationException extends RecordManagerException {
 
     private final String messageId;
 

src/main/java/cz/cvut/kbss/study/exception/WebServiceIntegrationException.java

@@ -3,7 +3,7 @@
 /**
  * Exception thrown when access to other application's web services fails.
  */
-public class WebServiceIntegrationException extends FormManagerException {
+public class WebServiceIntegrationException extends RecordManagerException {
 
     public WebServiceIntegrationException(String message) {
         super(message);

src/main/java/cz/cvut/kbss/study/security/AuthenticationSuccess.java

@@ -1,7 +1,7 @@
 package cz.cvut.kbss.study.security;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import cz.cvut.kbss.study.exception.FormManagerException;
+import cz.cvut.kbss.study.exception.RecordManagerException;
 import cz.cvut.kbss.study.security.model.LoginStatus;
 import cz.cvut.kbss.study.service.ConfigReader;
 import cz.cvut.kbss.study.util.ConfigParam;
@@ -99,7 +99,7 @@ private void addSameSiteCookieAttribute(HttpServletResponse response) {
 
         SameSiteValue sameSiteValue = SameSiteValue.getValue(configValue)
                 .orElseThrow(
-                        () -> new FormManagerException(
+                        () -> new RecordManagerException(
                                 "Could not recognize " + ConfigParam.SECURITY_SAME_SITE + " parameter value '"
                                         + configValue + "', as it is not one of the values "
                                         + Arrays.toString(SameSiteValue.values()) + "."

src/main/java/cz/cvut/kbss/study/util/Utils.java

@@ -1,6 +1,6 @@
 package cz.cvut.kbss.study.util;
 
-import cz.cvut.kbss.study.exception.FormManagerException;
+import cz.cvut.kbss.study.exception.RecordManagerException;
 
 import java.io.*;
 import java.net.URI;
@@ -22,14 +22,14 @@ public static String loadQuery(String queryFileName) {
         final InputStream is = Utils.class.getClassLoader().getResourceAsStream(
                 Constants.QUERY_DIRECTORY + File.separator + queryFileName);
         if (is == null) {
-            throw new FormManagerException(
+            throw new RecordManagerException(
                     "Initialization exception. Query file not found in " + Constants.QUERY_DIRECTORY +
                             File.separator + queryFileName);
         }
         try (final BufferedReader in = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))) {
             return in.lines().collect(Collectors.joining("\n"));
         } catch (IOException e) {
-            throw new FormManagerException("Initialization exception. Unable to load query!", e);
+            throw new RecordManagerException("Initialization exception. Unable to load query!", e);
         }
     }