Commit d4c2028c authored by Matija Obreza's avatar Matija Obreza

Merge branch 'ui-154-enable-cors-origin-filter' into 'master'

Enable CORS origin checks based on client#allowedOrigins

See merge request genesys-pgr/genesys-server!372
parents ac89e063 1b6b3548
......@@ -18,6 +18,7 @@ package org.genesys2.spring.config;
import java.util.Arrays;
import org.genesys.blocks.oauth.service.OAuthServiceImpl;
import org.genesys.blocks.security.component.OAuthClientOriginCheckFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
......@@ -49,6 +50,7 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
/**
* The Class OAuth2ServerConfig.
......@@ -57,7 +59,7 @@ import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
public class OAuth2ServerConfig {
private static final String APPLICATION_RESOURCE_ID = "genesys";
@Value("${default.jwt.signingKey}")
@Value("${oauth.jwt.signingKey}")
private String jwtSigningKey;
@Autowired
......@@ -107,10 +109,10 @@ public class OAuth2ServerConfig {
protected class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
// OAuth2 CORS Origin header checker
// @Bean
// public OAuthClientOriginCheckFilter clientOriginCheckFilter() {
// return new OAuthClientOriginCheckFilter();
// }
@Bean
public OAuthClientOriginCheckFilter clientOriginCheckFilter() {
return new OAuthClientOriginCheckFilter();
}
@Override
public void configure(final ResourceServerSecurityConfigurer resources) {
......@@ -162,7 +164,7 @@ public class OAuth2ServerConfig {
;
/*@formatter:on*/
// http.addFilterAfter(clientOriginCheckFilter(), AbstractPreAuthenticatedProcessingFilter.class);
http.addFilterAfter(clientOriginCheckFilter(), AbstractPreAuthenticatedProcessingFilter.class);
}
}
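Review bot: The comment above `clientOriginCheckFilter()` does not say what the placement in `http.addFilterAfter(clientOriginCheckFilter(), AbstractPreAuthenticatedProcessingFilter.class)` relies on. The filter body is not on this page, but a check against client#allowedOrigins presumably needs the OAuth2 authentication to be established by that point in the chain. I would add a comment on that line, e.g. `// Runs after token authentication so the client's allowedOrigins can be looked up`, and document in the bean's Javadoc how a request without an `Origin` header, or a client with no configured origins, is treated. An Origin check only constrains browsers, since other HTTP clients can send any header value, so it complements the token and client-secret checks rather than replacing them. If the application runs on Spring Boot, a `Filter` exposed as a `@Bean` is also registered with the servlet container by default and may run twice unless that registration is disabled; the method containing the `addFilterAfter` call starts outside the hunk, so this could not be checked here.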
......
......@@ -40,6 +40,7 @@ default.oauthclient.clientId=defaultclient@localhost
default.oauthclient.clientSecret=changeme
default.oauth.accessToken.validity=21600
default.oauth.refreshToken.validity=604800
oauth.jwt.signingKey=genesys-signing-key-changeme
build.version=${project.version}
build.artifactId=${project.artifactId}
......@@ -220,7 +221,6 @@ itpgrfa.glis.ratelimit=20
# Catalogy thingies
partner.primary.uuid=39d3022b-dfca-45d8-98f1-3eeaa6c3e605
default.jwt.signingKey=genesys-signing-key-changeme
# Genesys Catalog URL
genesys.catalog.url=http://localhost:3000
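Review bot: Renaming the key to `oauth.jwt.signingKey` while keeping the committed placeholder `genesys-signing-key-changeme` as its default means a deployment that overrides only the old `default.jwt.signingKey` will fall back to the placeholder after upgrading, with no error. The config class imports `JwtAccessTokenConverter`, so this value presumably signs and verifies access tokens, and a publicly known key would make token signatures on such an instance worthless. Consider shipping no default, so the `@Value("${oauth.jwt.signingKey}")` injection would normally fail when the key is unset, or rejecting the placeholder value at startup. At minimum add a comment above the line, e.g. `# MUST be overridden per deployment (renamed from default.jwt.signingKey)`, and mention the rename in the upgrade notes.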