Commit 1b6b3548 authored by Matija Obreza

Enable CORS origin checks based on client#allowedOrigins

- renamed config default.jwt.signingKey to oauth.jwt.signingKey
parent ac89e063
...@@ -18,6 +18,7 @@ package org.genesys2.spring.config; ...@@ -18,6 +18,7 @@ package org.genesys2.spring.config;
import java.util.Arrays; import java.util.Arrays;
import org.genesys.blocks.oauth.service.OAuthServiceImpl; import org.genesys.blocks.oauth.service.OAuthServiceImpl;
import org.genesys.blocks.security.component.OAuthClientOriginCheckFilter;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
...@@ -49,6 +50,7 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancerChain; ...@@ -49,6 +50,7 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
/** /**
* The Class OAuth2ServerConfig. * The Class OAuth2ServerConfig.
...@@ -57,7 +59,7 @@ import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; ...@@ -57,7 +59,7 @@ import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
public class OAuth2ServerConfig { public class OAuth2ServerConfig {
private static final String APPLICATION_RESOURCE_ID = "genesys"; private static final String APPLICATION_RESOURCE_ID = "genesys";
@Value("${default.jwt.signingKey}") @Value("${oauth.jwt.signingKey}")
private String jwtSigningKey; private String jwtSigningKey;
@Autowired @Autowired
...@@ -107,10 +109,10 @@ public class OAuth2ServerConfig { ...@@ -107,10 +109,10 @@ public class OAuth2ServerConfig {
protected class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { protected class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
// OAuth2 CORS Origin header checker // OAuth2 CORS Origin header checker
// @Bean @Bean
// public OAuthClientOriginCheckFilter clientOriginCheckFilter() { public OAuthClientOriginCheckFilter clientOriginCheckFilter() {
// return new OAuthClientOriginCheckFilter(); return new OAuthClientOriginCheckFilter();
// } }
@Override @Override
public void configure(final ResourceServerSecurityConfigurer resources) { public void configure(final ResourceServerSecurityConfigurer resources) {
...@@ -162,7 +164,7 @@ public class OAuth2ServerConfig { ...@@ -162,7 +164,7 @@ public class OAuth2ServerConfig {
; ;
/*@formatter:on*/ /*@formatter:on*/
// http.addFilterAfter(clientOriginCheckFilter(), AbstractPreAuthenticatedProcessingFilter.class); http.addFilterAfter(clientOriginCheckFilter(), AbstractPreAuthenticatedProcessingFilter.class);
} }
} }
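Review bot: Declaring `clientOriginCheckFilter()` as a `@Bean` and also adding it with `http.addFilterAfter(...)` can register the filter twice if this application auto-registers `Filter` beans with the servlet container (Spring Boot does; whether this project does is not visible in the diff). The copy outside the security chain would then run before any OAuth2 authentication is set, so either drop the `@Bean` or disable container registration for it. The `addFilterAfter` line also deserves a comment such as `// runs after token authentication so the client's allowedOrigins can be resolved; Origin is set by the caller's browser and does not replace token/scope checks`. What the filter does when a request has no Origin header, or when a client has no allowedOrigins, is decided in OAuthClientOriginCheckFilter, which is outside this diff and should be documented there.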
......
...@@ -40,6 +40,7 @@ default.oauthclient.clientId=defaultclient@localhost ...@@ -40,6 +40,7 @@ default.oauthclient.clientId=defaultclient@localhost
default.oauthclient.clientSecret=changeme default.oauthclient.clientSecret=changeme
default.oauth.accessToken.validity=21600 default.oauth.accessToken.validity=21600
default.oauth.refreshToken.validity=604800 default.oauth.refreshToken.validity=604800
oauth.jwt.signingKey=genesys-signing-key-changeme
build.version=${project.version} build.version=${project.version}
build.artifactId=${project.artifactId} build.artifactId=${project.artifactId}
...@@ -220,7 +221,6 @@ itpgrfa.glis.ratelimit=20 ...@@ -220,7 +221,6 @@ itpgrfa.glis.ratelimit=20
# Catalogy thingies # Catalogy thingies
partner.primary.uuid=39d3022b-dfca-45d8-98f1-3eeaa6c3e605 partner.primary.uuid=39d3022b-dfca-45d8-98f1-3eeaa6c3e605
default.jwt.signingKey=genesys-signing-key-changeme
# Genesys Catalog URL # Genesys Catalog URL
genesys.catalog.url=http://localhost:3000 genesys.catalog.url=http://localhost:3000
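Review bot: Renaming the key while shipping a default for the new name means a deployment that still overrides only `default.jwt.signingKey` will start without error and fall back to the placeholder `oauth.jwt.signingKey=genesys-signing-key-changeme`, a value that is readable in the repository. Since `jwtSigningKey` is injected from this property, tokens would presumably be signed and verified with a known key until someone notices. Consider removing the bundled default so a missing override fails `@Value` resolution at startup, or rejecting the placeholder value when the key is applied. At minimum add a comment above the new line, e.g. `# MUST be overridden per deployment; replaces default.jwt.signingKey`, and mention the rename in the upgrade notes.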