Commit c358091e authored by Matija Obreza's avatar Matija Obreza

Merge branch 'ui-746-cors-configuration' into 'master'

Cors configuration for /oauth/token

See merge request genesys-pgr/genesys-server!584
parents 666cf918 79337d9d
#
# Build Genesys server on top of jetty
#
FROM jetty:9.4.30-jre8
FROM jetty:9.4.32-jre8
LABEL maintainer "Matija Obreza <matija.obreza@croptrust.org>"
......
......@@ -95,7 +95,7 @@
<swagger.version>2.9.2</swagger.version>
<!--Container -->
<jetty.version>9.4.30.v20200611</jetty.version>
<jetty.version>9.4.32.v20200930</jetty.version>
<maven.test.skip>false</maven.test.skip>
......@@ -491,7 +491,13 @@
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlets</artifactId>
<version>${jetty.version}</version>
<scope>runtime</scope>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
<version>${jetty.version}</version>
<scope>provided</scope>
</dependency>
<!--ElasticSearch-->
......
......@@ -206,7 +206,7 @@ public class ApiExceptionHandler {
* @return the api error
*/
@ResponseStatus(code = HttpStatus.NOT_FOUND)
@ExceptionHandler(value = { NoSuchRepositoryFileException.class, NotFoundElement.class, org.genesys2.server.exception.NotFoundElement.class })
@ExceptionHandler(value = { NoSuchRepositoryFileException.class, NotFoundElement.class })
@ResponseBody
public ApiError<Exception> handleNotFound(final Exception e, final HttpServletRequest request) {
LOG.warn("Element not found {} {}", request.getMethod(), request.getRequestURL());
......
......@@ -220,19 +220,22 @@ public class RepositoryController {
response.flushBuffer();
return;
}
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
response.setHeader(HttpHeaders.PRAGMA, "");
response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
response.setHeader(HttpHeaders.ETAG, eTag);
response.setContentType(repositoryFile.getContentType());
response.addHeader("Content-Disposition", String.format("attachment; filename=\"%s\"", repositoryFile.getOriginalFilename()));
final byte[] data = repositoryService.getFileBytes(repositoryFile);
if (data != null) {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
response.setHeader(HttpHeaders.PRAGMA, "");
response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
response.setHeader(HttpHeaders.ETAG, eTag);
response.setContentType(repositoryFile.getContentType());
response.addHeader("Content-Disposition", String.format("attachment; filename=\"%s\"", repositoryFile.getOriginalFilename()));
response.setContentLength(data.length);
response.getOutputStream().write(data);
} else {
throw new NoSuchRepositoryFileException("Bytes not available");
}
response.flushBuffer();
}
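Review bot: The `Content-Disposition` value on the new side is still built with `String.format("attachment; filename=\"%s\"", repositoryFile.getOriginalFilename())`, so a `"` or `\` in the stored filename ends the quoted parameter early and the rest of the name is parsed as further header parameters. The name presumably comes from the uploader, so it should be escaped before formatting, for example with `.replace("\\", "\\\\").replace("\"", "\\\"")` on the filename, or constrained when the file is stored. The same line appears in the other `RepositoryController` section further down (the class extending `ApiBaseController`). The method begins above this hunk, so any earlier sanitising is not visible here.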
......
......@@ -37,10 +37,9 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.HandlerMapping;
/**
......@@ -48,7 +47,7 @@ import org.springframework.web.servlet.HandlerMapping;
*
* @author Matija Obreza
*/
@Controller("repositoryDownload1")
@RestController("repositoryDownload1")
public class RepositoryDownloadController {
public static final Logger LOG = LoggerFactory.getLogger(RepositoryDownloadController.class);
......@@ -59,7 +58,7 @@ public class RepositoryDownloadController {
@Autowired
private BytesStorageService byteStorageService;
private void downloadFile(final Path path, final String name, final String ext, final HttpServletResponse response, HttpServletRequest request) throws IOException {
private void downloadFile(final Path path, final String name, final String ext, final HttpServletResponse response, HttpServletRequest request) throws IOException, NotFoundElement, NoSuchRepositoryFileException {
byte[] data;
boolean noCache = "no-cache".equalsIgnoreCase(request.getHeader(HttpHeaders.CACHE_CONTROL))
......@@ -115,6 +114,9 @@ public class RepositoryDownloadController {
}
data = this.repositoryService.getFileBytes(repositoryFile);
if (data == null) {
throw new NotFoundElement("No such thing");
}
// Cache for 24hrs
if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
......@@ -137,14 +139,9 @@ public class RepositoryDownloadController {
}
}
if (data != null) {
response.setContentLength(data.length);
response.getOutputStream().write(data);
response.flushBuffer();
} else {
throw new NotFoundElement("No such thing. Sorry");
}
response.setContentLength(data.length);
response.getOutputStream().write(data);
response.flushBuffer();
}
private boolean clientCacheValid(RepositoryFile repositoryFile, HttpServletRequest request, HttpServletResponse response) throws IOException {
......@@ -179,8 +176,8 @@ public class RepositoryDownloadController {
/**
* Serve the bytes of the repository object
*/
@RequestMapping(value = RepositoryController.CONTROLLER_URL + "/download/d/**", method = RequestMethod.GET)
public void downloadFile(final HttpServletRequest request, final HttpServletResponse response) throws IOException {
@GetMapping(value = RepositoryController.CONTROLLER_URL + "/download/d/**")
public void downloadFile(final HttpServletRequest request, final HttpServletResponse response) throws IOException, NotFoundElement, NoSuchRepositoryFileException {
final String fullpath = ((String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE)).substring((RepositoryController.CONTROLLER_URL + "/download/d").length());
if (LOG.isTraceEnabled()) {
LOG.trace("Fullname: {}", fullpath);
......@@ -206,8 +203,8 @@ public class RepositoryDownloadController {
/**
* Return repository object metadata
*/
@RequestMapping(value = RepositoryController.CONTROLLER_URL + "/download/d/**", method = RequestMethod.GET, params = { "metadata" }, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody RepositoryFile getMetadata(final HttpServletRequest request) throws IOException, NoSuchRepositoryFileException {
@GetMapping(value = RepositoryController.CONTROLLER_URL + "/download/d/**", params = { "metadata" }, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody RepositoryFile getMetadata(final HttpServletRequest request) throws IOException, NotFoundElement, NoSuchRepositoryFileException {
final String fullpath = (String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
LOG.debug("Fullname: {}", fullpath);
......
......@@ -145,19 +145,22 @@ public class RepositoryController extends ApiBaseController {
response.flushBuffer();
return;
}
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
response.setHeader(HttpHeaders.PRAGMA, "");
response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
response.setHeader(HttpHeaders.ETAG, eTag);
response.setContentType(repositoryFile.getContentType());
response.addHeader("Content-Disposition", String.format("attachment; filename=\"%s\"", repositoryFile.getOriginalFilename()));
final byte[] data = repositoryService.getFileBytes(repositoryFile);
if (data != null) {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
response.setHeader(HttpHeaders.PRAGMA, "");
response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
response.setHeader(HttpHeaders.ETAG, eTag);
response.setContentType(repositoryFile.getContentType());
response.addHeader("Content-Disposition", String.format("attachment; filename=\"%s\"", repositoryFile.getOriginalFilename()));
response.setContentLength(data.length);
response.getOutputStream().write(data);
} else {
throw new NoSuchRepositoryFileException("Bytes not available");
}
response.flushBuffer();
}
......
......@@ -16,14 +16,15 @@
package org.genesys2.server.api.v2;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Date;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.filerepository.NoSuchRepositoryFileException;
import org.genesys.filerepository.model.RepositoryFile;
......@@ -34,8 +35,8 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.HandlerMapping;
......@@ -58,7 +59,7 @@ public class RepositoryDownloadController extends ApiBaseController {
/**
* Serve the bytes of the repository object
*/
@RequestMapping(value = "/download/d/**", method = RequestMethod.GET)
@GetMapping(value = "/download/d/**")
public void downloadFile(final HttpServletRequest request, final HttpServletResponse response) throws IOException {
final String fullpath = ((String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE)).substring((RepositoryController.CONTROLLER_URL + "/download/d").length());
if (LOG.isTraceEnabled()) {
......@@ -79,7 +80,7 @@ public class RepositoryDownloadController extends ApiBaseController {
/**
* Return repository object metadata
*/
@RequestMapping(value = "/download/d/**", method = RequestMethod.GET, params = { "metadata" }, produces = MediaType.APPLICATION_JSON_VALUE)
@GetMapping(value = "/download/d/**", params = { "metadata" }, produces = MediaType.APPLICATION_JSON_VALUE)
public RepositoryFile getMetadata(final HttpServletRequest request) throws NoSuchRepositoryFileException {
final String fullpath = (String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
......@@ -164,6 +165,10 @@ public class RepositoryDownloadController extends ApiBaseController {
data = this.repositoryService.getFileBytes(repositoryFile);
if (data == null) {
throw new NotFoundElement("No such thing. Sorry");
}
// Cache for 24hrs
if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=2592000, s-maxage=2592000, public, no-transform");
......@@ -185,14 +190,10 @@ public class RepositoryDownloadController extends ApiBaseController {
}
}
if (data != null) {
response.setContentLength(data.length);
response.getOutputStream().write(data);
response.flushBuffer();
response.setContentLength(data.length);
response.getOutputStream().write(data);
response.flushBuffer();
} else {
throw new NotFoundElement("No such thing. Sorry");
}
}
private boolean clientCacheValid(RepositoryFile repositoryFile, HttpServletRequest request, HttpServletResponse response) throws IOException {
......
......@@ -49,6 +49,7 @@ import org.genesys.blocks.model.SelfCleaning;
import org.genesys.blocks.model.UuidModel;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.util.ClassAclOid;
import org.genesys.custom.elasticsearch.IgnoreField;
import org.genesys.filerepository.model.RepositoryFile;
import org.genesys2.server.model.PublishState;
import org.genesys2.util.MCPDUtil;
......@@ -145,6 +146,7 @@ public class DiversityTree extends UuidModel implements AclAwareModel, SelfClean
/** The treeFile. */
@OneToOne(fetch = FetchType.LAZY, cascade = {}, optional = true, orphanRemoval = false)
@JoinColumn(name = "treeFileId", unique = true)
@IgnoreField
private RepositoryFile treeFile;
@Transient
......
......@@ -783,11 +783,8 @@ public class DiversityTreeServiceImpl implements DiversityTreeService {
}
private void deleteAccessionRefs(final DiversityTree tree) {
Lists.partition(tree.getAccessionRefs(), 10000).parallelStream().forEach(batch -> {
accessionRefRepository.deleteAll(batch);
LOG.debug("Removed {} accessionRefs of DiversityTree {} from database", batch.size(), tree.getUuid());
});
LOG.info("Removed {} accessionRefs from DiversityTree {}", tree.getAccessionRefs().size(), tree.getUuid());
LOG.info("Removing {} accessionRefs from DiversityTree {}", tree.getAccessionRefs().size(), tree.getUuid());
accessionRefRepository.deleteAll(tree.getAccessionRefs());
tree.getAccessionRefs().clear();
}
}
......@@ -16,8 +16,16 @@
package org.genesys2.server.servlet.filter;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
......@@ -25,44 +33,115 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.filter.OncePerRequestFilter;
import static org.eclipse.jetty.http.HttpCookie.SAME_SITE_STRICT_COMMENT;
/**
* Converts the "access_token" cookie to the "Authorization" HTTP request header.
* Converts the API cookie to the "Authorization" HTTP request
* header if provided.
*
* Will Set-Cookie when cookie is missing.
*
* @author Maxym Borodenko
* @author Matija Obreza
*/
public class AccessTokenInCookieFilter extends OncePerRequestFilter {
public static final Logger LOG = LoggerFactory.getLogger(AccessTokenInCookieFilter.class);
private static final String ACCESS_TOKEN_COOKIE_PREFIX = "GENESYS_";
@Value("${host.name}") // we're using the API host name for cookie domain here
private String cookieDomain;
@Value("${base.cookie-secure}")
private boolean cookieSecure;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String token = null;
if (request.getHeader("Authorization") == null && request.getCookies() != null) {
for (Cookie cookie : request.getCookies()) {
if (cookie.getName().equalsIgnoreCase("access_token")) {
token = cookie.getValue();
String authorizationHeader = request.getHeader("Authorization");
Cookie[] cookies = request.getCookies();
String accessToken = null;
URL sourceUrl = null;
try {
sourceUrl = getRequestSource(request);
} catch (MalformedURLException e) {
LOG.debug("Could not obtain source URL: {}", e.getMessage());
}
if (sourceUrl == null) {
filterChain.doFilter(request, response);
return;
}
String tokenCookieName = ACCESS_TOKEN_COOKIE_PREFIX + sourceUrl.getHost();
if (authorizationHeader == null && cookies != null) {
for (Cookie cookie : cookies) {
if (cookie.getName().equalsIgnoreCase(tokenCookieName)) {
accessToken = cookie.getValue();
break;
}
}
}
if (StringUtils.isNotBlank(token)) {
if (authorizationHeader == null && StringUtils.isNotBlank(accessToken)) {
LOG.debug("Using access token from cookie!");
// Wrap the request
CustomHeadersRequest customHeadersRequest = new CustomHeadersRequest(request);
customHeadersRequest.addHeader("Authorization", "Bearer " + token);
customHeadersRequest.addHeader("Authorization", "Bearer " + accessToken);
filterChain.doFilter(customHeadersRequest, response);
return;
}
// Register the "access_token" cookie if Authorization is provided, but cookie
// is missing or not matching
if (request.getHeader("Authorization") != null) {
Optional<Cookie> tokenCookie = Optional.empty();
if (cookies != null) {
tokenCookie = Arrays.stream(cookies).filter(cookie -> cookie.getName().equals(tokenCookieName)).findFirst();
}
accessToken = authorizationHeader.substring(7); // Remove "Bearer "
if (!tokenCookie.isPresent() || tokenCookie.get().getValue().equals(accessToken)) {
Cookie cookie = new Cookie(tokenCookieName, accessToken);
cookie.setComment(SAME_SITE_STRICT_COMMENT);
cookie.setHttpOnly(true);
cookie.setSecure(cookieSecure);
if (StringUtils.isNotBlank(cookieDomain)) {
cookie.setDomain(cookieDomain);
}
// Only set cookie for /api
cookie.setPath("/api");
LOG.info("Registering API cookie '{}' on {}{}", cookie.getName(), cookie.getDomain(), cookie.getPath());
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
private URL getRequestSource(HttpServletRequest request) throws MalformedURLException {
String origin = request.getHeader("Origin");
if (StringUtils.isNotBlank(origin)) {
return new URL(origin);
}
String referrer = request.getHeader("Referer");
if (StringUtils.isNotBlank(referrer)) {
return new URL(referrer);
}
return null;
}
static class CustomHeadersRequest extends HttpServletRequestWrapper {
private Map<String, String> customHeaders = new HashMap<>();
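Review bot: The test `if (!tokenCookie.isPresent() || tokenCookie.get().getValue().equals(accessToken))` contradicts the comment above it ("missing or not matching"): the cookie is re-issued when it already holds the same token and left untouched when it differs, so a stale token in the cookie is never replaced. The second operand should probably be `!tokenCookie.get().getValue().equals(accessToken)`. The line before it, `authorizationHeader.substring(7)`, assumes a `Bearer ` prefix without checking, so a `Basic ...` header would have part of its credentials copied into the cookie and a header shorter than seven characters throws. Guarding the block with `StringUtils.startsWithIgnoreCase(authorizationHeader, "Bearer ")` covers both. SameSite is applied only through Jetty's `SAME_SITE_STRICT_COMMENT`, so a short comment stating that the cookie loses that attribute on any other container would help whoever deploys this elsewhere.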
......
......@@ -16,12 +16,19 @@
package org.genesys2.spring.config;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.genesys.blocks.oauth.service.OAuthClientDetailsService;
import org.genesys.blocks.oauth.service.OAuthServiceImpl;
import org.genesys.blocks.security.component.OAuthClientOriginCheckFilter;
import org.genesys2.server.servlet.filter.AccessTokenInCookieFilter;
import org.genesys2.server.servlet.filter.ApiAccessLoggerFilter;
import org.genesys2.spring.CachedInMemoryAuthorizationCodeServices;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
......@@ -45,7 +52,6 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
......@@ -59,13 +65,21 @@ import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenCo
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
/**
* The Class OAuth2ServerConfig.
*/
@Configuration
public class OAuth2ServerConfig {
private static final String APPLICATION_RESOURCE_ID = "genesys";
private static final String APPLICATION_RESOURCE_ID = "Genesys";
public static final Logger LOG = LoggerFactory.getLogger(OAuth2ServerConfig.class);
@Value("${oauth.jwt.signingKey}")
private String jwtSigningKey;
......@@ -137,7 +151,12 @@ public class OAuth2ServerConfig {
public ApiAccessLoggerFilter apiAccessLoggerFilter() {
return new ApiAccessLoggerFilter();
}
@Bean
public AccessTokenInCookieFilter accessTokenInCookieFilter() {
return new AccessTokenInCookieFilter();
}
@Override
public void configure(final ResourceServerSecurityConfigurer resources) {
final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
......@@ -188,10 +207,10 @@ public class OAuth2ServerConfig {
;
/*@formatter:on*/
http.addFilterBefore(accessTokenInCookieFilter(), AbstractPreAuthenticatedProcessingFilter.class);
http.addFilterAfter(clientOriginCheckFilter(), AbstractPreAuthenticatedProcessingFilter.class);
http.addFilterAfter(apiAccessLoggerFilter(), SwitchUserFilter.class);
}
}
@Configuration
......@@ -204,7 +223,7 @@ public class OAuth2ServerConfig {
@Autowired
@Qualifier("oauthService")
private ClientDetailsService clientDetailsService;
private OAuthClientDetailsService clientDetailsService;
@Autowired
public PasswordEncoder passwordEncoder;
......@@ -270,6 +289,47 @@ public class OAuth2ServerConfig {
@Override
public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.allowFormAuthenticationForClients().checkTokenAccess("permitAll()").realm(APPLICATION_RESOURCE_ID + "/client").passwordEncoder(passwordEncoder);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration() {
private LoadingCache<String, Boolean> allowedOriginsCache = CacheBuilder.newBuilder().maximumSize(100).expireAfterWrite(10, TimeUnit.MINUTES).build(
new CacheLoader<String, Boolean>() {
public Boolean load(String origin) {
LOG.debug("Testing origin {}", origin);
return clientDetailsService.isOriginRegistered(origin);
}
});
@Override
public String checkOrigin(String requestOrigin) {
String result = super.checkOrigin(requestOrigin);
if (result != null) {
try {
LOG.debug("Checking origin {}/{} for API access", requestOrigin, result);
if (allowedOriginsCache.get(requestOrigin) == false) {
LOG.warn("{} is not a regisitered origin of any API client", requestOrigin);
return null;
} else {
// Looks good!
return result;
}
} catch (ExecutionException e) {
LOG.error(e.getMessage(), e);
}
}
return result;
}
};
config.setAllowCredentials(true);
config.setAllowedMethods(Collections.singletonList(HttpMethod.POST.name()));
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.setMaxAge(60 * 10L);
source.registerCorsConfiguration("/oauth/token", config);
CorsFilter filter = new CorsFilter(source);
oauthServer.addTokenEndpointAuthenticationFilter(filter);
}
}
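Review bot: The `catch (ExecutionException e)` branch in the overridden `checkOrigin` only logs and then falls through to `return result;`, so a failed `isOriginRegistered` lookup ends with the origin being accepted. With `addAllowedOrigin("*")` and `setAllowCredentials(true)` on `/oauth/token`, that path should fail closed, i.e. `return null;` inside the catch. Because `load` declares no checked exceptions, a runtime failure in the loader would reach the caller as Guava's `UncheckedExecutionException`, which this catch does not cover, so it is worth deciding explicitly how that case is handled. `allowedOriginsCache.get(requestOrigin) == false` reads more clearly as `!allowedOriginsCache.get(requestOrigin)`. A comment on the cache noting that a removed origin stays allowed for up to ten minutes would also help.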
......
......@@ -26,13 +26,11 @@ import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import javax.servlet.SessionTrackingMode;
import org.genesys2.server.servlet.filter.AccessTokenInCookieFilter;
import org.genesys2.server.servlet.filter.LocaleURLFilter;
import org.genesys2.server.servlet.filter.SuppressRequestRejectedExceptionFilter;
import org.sitemesh.builder.SiteMeshFilterBuilder;
import org.sitemesh.config.ConfigurableSiteMeshFilter;
import org.sitemesh.webapp.contentfilter.BasicSelector;
import org.springframework.context.annotation.Bean;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.filter.CharacterEncodingFilter;
import org.springframework.web.filter.CommonsRequestLoggingFilter;
......@@ -93,8 +91,6 @@ public class WebInitializer extends AbstractAnnotationConfigDispatcherServletIni
servletContext.addListener(new SessionListener());
}
@Bean
public CommonsRequestLoggingFilter requestLoggingFilter() {
CommonsRequestLoggingFilter loggingFilter = new CommonsRequestLoggingFilter();
loggingFilter.setIncludeClientInfo(true);
......@@ -137,10 +133,6 @@ public class WebInitializer extends AbstractAnnotationConfigDispatcherServletIni
localeURLFilter.setInitParameter("excludePaths", "/html,/login-attempt");
localeURLFilter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST, DispatcherType.INCLUDE, DispatcherType.FORWARD), false, "/*");
// Convert the cookie to the Authorization HTTP request header
final FilterRegistration.Dynamic accessTokenInCookieFilter = servletContext.addFilter("accessTokenInCookieFilter", AccessTokenInCookieFilter.class);
accessTokenInCookieFilter.addMappingForUrlPatterns(null, false, "/api/*");
// Then the spring security
final DelegatingFilterProxy filter = new DelegatingFilterProxy("springSecurityFilterChain");
filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
......