From 144b60bf97a2616e3ef32d3f67dfd1b5784f8d93 Mon Sep 17 00:00:00 2001
From: Miroslav Blasko
Date: Sun, 19 Nov 2023 16:03:54 +0100
Subject: [PATCH] [Fix] Fix parsing of AllowedOrigins from appContext variable

---
 .../kbss/study/config/SecurityConfig.java | 35 ++++++++++++++-----
 .../exception/EntityExistsException.java | 2 +-
 .../study/exception/FormManagerException.java | 24 -------------
 .../study/exception/NotFoundException.java | 2 +-
 .../study/exception/PersistenceException.java | 2 +-
 .../exception/RecordManagerException.java | 24 +++++++++++++
 .../study/exception/ValidationException.java | 2 +-
 .../WebServiceIntegrationException.java | 2 +-
 .../study/security/AuthenticationSuccess.java | 4 +--
 .../java/cz/cvut/kbss/study/util/Utils.java | 6 ++--
 10 files changed, 61 insertions(+), 42 deletions(-)
 delete mode 100644 src/main/java/cz/cvut/kbss/study/exception/FormManagerException.java
 create mode 100644 src/main/java/cz/cvut/kbss/study/exception/RecordManagerException.java

diff --git a/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java b/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
index 30653a4d..5fb17609 100644
--- a/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
+++ b/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
@@ -1,9 +1,12 @@
 package cz.cvut.kbss.study.config;
+import cz.cvut.kbss.study.exception.RecordManagerException;
 import cz.cvut.kbss.study.security.CsrfHeaderFilter;
 import cz.cvut.kbss.study.security.SecurityConstants;
 import cz.cvut.kbss.study.service.ConfigReader;
 import cz.cvut.kbss.study.util.ConfigParam;
+import java.net.MalformedURLException;
+import java.net.URL;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -94,23 +97,39 @@ CorsConfigurationSource corsConfigurationSource(ConfigReader config) {
 }
 static CorsConfigurationSource createCorsConfiguration(ConfigReader configReader) {
- // allowCredentials requires allowed origins to be configured (* is not supported)
 final CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
 corsConfiguration.setAllowedMethods(Collections.singletonList("*"));
- if (!configReader.getConfig(ConfigParam.APP_CONTEXT, "").isBlank()) {
- String appUrl = configReader.getConfig(ConfigParam.APP_CONTEXT);
- appUrl = appUrl.substring(0, appUrl.lastIndexOf('/'));
- corsConfiguration.setAllowedOrigins(List.of(appUrl));
- } else {
- corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
+ URL appUrl = getApplicationContext(configReader);
+ if (appUrl != null) {
+ corsConfiguration.setAllowedOrigins(List.of(parseOrigin(appUrl)));
+ corsConfiguration.setAllowCredentials(true);
 }
 corsConfiguration.addExposedHeader(HttpHeaders.AUTHORIZATION);
 corsConfiguration.addExposedHeader(HttpHeaders.LOCATION);
 corsConfiguration.addExposedHeader(HttpHeaders.CONTENT_DISPOSITION);
- corsConfiguration.setAllowCredentials(true);
 final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", corsConfiguration);
 return source;
 }
+
+ private static URL getApplicationContext(ConfigReader configReader) {
+ String appUrl = configReader.getConfig(ConfigParam.APP_CONTEXT);
+
+ if (appUrl.isBlank()) {
+ return null;
+ }
+ try {
+ return new URL(appUrl);
+ } catch (MalformedURLException e) {
+ throw new RecordManagerException(
+ "Invalid configuration parameter " + ConfigParam.APP_CONTEXT + ".",
+ e);
+ }
+ }
+
+ private static String parseOrigin(URL url) {
+ return url.getProtocol() + "://" + url.getHost() +
+ (url.getPort() != -1 ? ":" + url.getPort() : "");
+ }
 }
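Review bot: `parseOrigin` appends the port whenever it is written explicitly in the configuration, so an APP_CONTEXT like `https://example.org:443/app` yields the allowed origin `https://example.org:443`, while browsers serialize the `Origin` header without a default port (`https://example.org`); with `setAllowCredentials(true)` Spring requires an exact origin match, so such a deployment would silently reject every cross-origin request — compare against the default port: `(url.getPort() != -1 && url.getPort() != url.getDefaultPort() ? ":" + url.getPort() : "")`. In `getApplicationContext` the defaulted lookup `getConfig(ConfigParam.APP_CONTEXT, "")` from the removed code was replaced by the one-argument overload; if that overload can return `null` for an unset parameter (the old code's default suggests it may), `appUrl.isBlank()` throws a NullPointerException at startup, so keeping `configReader.getConfig(ConfigParam.APP_CONTEXT, "")` is safer. `new URL(String)` is deprecated since JDK 20 and is lenient about what it accepts; `URI.create(appUrl).toURL()` validates the syntax more strictly, at the cost of also catching `IllegalArgumentException`. It is also worth a comment on `createCorsConfiguration` that when APP_CONTEXT is blank the configuration now falls back to the permit-all origins of `applyPermitDefaultValues()` without credentials, so cookie-based cross-origin calls require APP_CONTEXT to be set — the old code combined `*` with credentials, which Spring rejects.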
diff --git a/src/main/java/cz/cvut/kbss/study/exception/EntityExistsException.java b/src/main/java/cz/cvut/kbss/study/exception/EntityExistsException.java
index 176cdd6e..956c4d91 100644
--- a/src/main/java/cz/cvut/kbss/study/exception/EntityExistsException.java
+++ b/src/main/java/cz/cvut/kbss/study/exception/EntityExistsException.java
@@ -1,6 +1,6 @@
 package cz.cvut.kbss.study.exception;
-public class EntityExistsException extends FormManagerException {
+public class EntityExistsException extends RecordManagerException {
 public EntityExistsException(String message) {
 super(message);
diff --git a/src/main/java/cz/cvut/kbss/study/exception/FormManagerException.java b/src/main/java/cz/cvut/kbss/study/exception/FormManagerException.java
deleted file mode 100644
index 9f4eb792..00000000
--- a/src/main/java/cz/cvut/kbss/study/exception/FormManagerException.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package cz.cvut.kbss.study.exception;
-
-/**
- * Application-specific exception.
- *

- * All exceptions related to the application should be subclasses of this one.
- */
-public class FormManagerException extends RuntimeException {
-
- protected FormManagerException() {
- }
-
- public FormManagerException(String message) {
- super(message);
- }
-
- public FormManagerException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public FormManagerException(Throwable cause) {
- super(cause);
- }
-}
diff --git a/src/main/java/cz/cvut/kbss/study/exception/NotFoundException.java b/src/main/java/cz/cvut/kbss/study/exception/NotFoundException.java
index a0cff039..4d672946 100644
--- a/src/main/java/cz/cvut/kbss/study/exception/NotFoundException.java
+++ b/src/main/java/cz/cvut/kbss/study/exception/NotFoundException.java
@@ -1,6 +1,6 @@
 package cz.cvut.kbss.study.exception;
-public class NotFoundException extends FormManagerException {
+public class NotFoundException extends RecordManagerException {
 public NotFoundException(String message) {
 super(message);
diff --git a/src/main/java/cz/cvut/kbss/study/exception/PersistenceException.java b/src/main/java/cz/cvut/kbss/study/exception/PersistenceException.java
index 82b2541e..e3af88af 100644
--- a/src/main/java/cz/cvut/kbss/study/exception/PersistenceException.java
+++ b/src/main/java/cz/cvut/kbss/study/exception/PersistenceException.java
@@ -3,7 +3,7 @@
 /**
 * General exception marking an error in the persistence layer.
 */
-public class PersistenceException extends FormManagerException {
+public class PersistenceException extends RecordManagerException {
 public PersistenceException(String message) {
 super(message);
diff --git a/src/main/java/cz/cvut/kbss/study/exception/RecordManagerException.java b/src/main/java/cz/cvut/kbss/study/exception/RecordManagerException.java
new file mode 100644
index 00000000..1cdbf085
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/study/exception/RecordManagerException.java
@@ -0,0 +1,24 @@
+package cz.cvut.kbss.study.exception;
+
+/**
+ * Application-specific exception.
+ *

+ * All exceptions related to the application should be subclasses of this one.
+ */
+public class RecordManagerException extends RuntimeException {
+
+ protected RecordManagerException() {
+ }
+
+ public RecordManagerException(String message) {
+ super(message);
+ }
+
+ public RecordManagerException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public RecordManagerException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/src/main/java/cz/cvut/kbss/study/exception/ValidationException.java b/src/main/java/cz/cvut/kbss/study/exception/ValidationException.java
index 8e8e15f7..dbcd41b0 100644
--- a/src/main/java/cz/cvut/kbss/study/exception/ValidationException.java
+++ b/src/main/java/cz/cvut/kbss/study/exception/ValidationException.java
@@ -3,7 +3,7 @@
 /**
 * High-level exception marking a validated object invalid.
 */
-public class ValidationException extends FormManagerException {
+public class ValidationException extends RecordManagerException {
 private final String messageId;
diff --git a/src/main/java/cz/cvut/kbss/study/exception/WebServiceIntegrationException.java b/src/main/java/cz/cvut/kbss/study/exception/WebServiceIntegrationException.java
index 81d37040..e6507086 100644
--- a/src/main/java/cz/cvut/kbss/study/exception/WebServiceIntegrationException.java
+++ b/src/main/java/cz/cvut/kbss/study/exception/WebServiceIntegrationException.java
@@ -3,7 +3,7 @@
 /**
 * Exception thrown when access to other application's web services fails.
 */
-public class WebServiceIntegrationException extends FormManagerException {
+public class WebServiceIntegrationException extends RecordManagerException {
 public WebServiceIntegrationException(String message) {
 super(message);
diff --git a/src/main/java/cz/cvut/kbss/study/security/AuthenticationSuccess.java b/src/main/java/cz/cvut/kbss/study/security/AuthenticationSuccess.java
index a7d700b2..fc7c6c42 100644
--- a/src/main/java/cz/cvut/kbss/study/security/AuthenticationSuccess.java
+++ b/src/main/java/cz/cvut/kbss/study/security/AuthenticationSuccess.java
@@ -1,7 +1,7 @@
 package cz.cvut.kbss.study.security;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import cz.cvut.kbss.study.exception.FormManagerException;
+import cz.cvut.kbss.study.exception.RecordManagerException;
 import cz.cvut.kbss.study.security.model.LoginStatus;
 import cz.cvut.kbss.study.service.ConfigReader;
 import cz.cvut.kbss.study.util.ConfigParam;
@@ -99,7 +99,7 @@ private void addSameSiteCookieAttribute(HttpServletResponse response) {
 SameSiteValue sameSiteValue = SameSiteValue.getValue(configValue)
 .orElseThrow(
- () -> new FormManagerException(
+ () -> new RecordManagerException(
 "Could not recognize " + ConfigParam.SECURITY_SAME_SITE + " parameter value '" + configValue + "', as it is not one of the values " + Arrays.toString(SameSiteValue.values()) + "."
diff --git a/src/main/java/cz/cvut/kbss/study/util/Utils.java b/src/main/java/cz/cvut/kbss/study/util/Utils.java
index f9a41bf3..c549a274 100644
--- a/src/main/java/cz/cvut/kbss/study/util/Utils.java
+++ b/src/main/java/cz/cvut/kbss/study/util/Utils.java
@@ -1,6 +1,6 @@
 package cz.cvut.kbss.study.util;
-import cz.cvut.kbss.study.exception.FormManagerException;
+import cz.cvut.kbss.study.exception.RecordManagerException;
 import java.io.*;
 import java.net.URI;
@@ -22,14 +22,14 @@ public static String loadQuery(String queryFileName) {
 final InputStream is = Utils.class.getClassLoader().getResourceAsStream( Constants.QUERY_DIRECTORY + File.separator + queryFileName);
 if (is == null) {
- throw new FormManagerException(
+ throw new RecordManagerException(
 "Initialization exception. Query file not found in " + Constants.QUERY_DIRECTORY + File.separator + queryFileName);
 }
 try (final BufferedReader in = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))) {
 return in.lines().collect(Collectors.joining("\n"));
 } catch (IOException e) {
- throw new FormManagerException("Initialization exception. Unable to load query!", e);
+ throw new RecordManagerException("Initialization exception. Unable to load query!", e);
 }
 }