Merge pull request #698 from puzzle/main

Deploy on production

Author: peggimann

backend/pom.xml

@@ -6,11 +6,11 @@
     <parent>
         <groupId>ch.puzzle.okr</groupId>
         <artifactId>parent</artifactId>
-        <version>2.0.1-SNAPSHOT</version>
+        <version>2.0.4-SNAPSHOT</version>
     </parent>
 
     <artifactId>backend</artifactId>
-    <version>2.0.1-SNAPSHOT</version>
+    <version>2.0.4-SNAPSHOT</version>
     <name>backend</name>
     <description>Puzzle OKR Tool</description>
 

backend/src/main/java/ch/puzzle/okr/ForwardFilter.java

@@ -12,33 +12,24 @@
 
 import java.io.IOException;
 import java.util.Arrays;
-import java.util.logging.Filter;
-import java.util.logging.LogRecord;
 
 public class ForwardFilter extends GenericFilterBean {
 
     private static final Logger logger = LoggerFactory.getLogger(ForwardFilter.class);
-    private final String[] allowedRoutes = { "/keyresult", "/objective" };
+    private final String[] allowedRoutes = { "/keyresult", "/objective", "/?state" };
 
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
             throws IOException, ServletException {
         HttpServletRequest request = (HttpServletRequest) servletRequest;
         String path = request.getRequestURI();
-        if (request.getParameter("state") != null) {
+
+        if (Arrays.stream(this.allowedRoutes).anyMatch(path::startsWith)) {
             logger.info(String.format("Keycloak state parameter detected ====> make a forward from '%s' to '%s'",
                     request.getRequestURI(), "/"));
             servletRequest.getRequestDispatcher("/").forward(servletRequest, servletResponse);
             return;
         }
-        if (Arrays.stream(this.allowedRoutes).anyMatch(path::startsWith)) {
-            servletRequest.getRequestDispatcher("/").forward(servletRequest, servletResponse);
-            return;
-        }
-        if (request.getParameter("error") != null) {
-            logger.error(String.format("error from keycloak %s", request.getParameter("error")));
-            return;
-        }
         logger.debug(String.format("====> pass through the filter '%s'", request.getRequestURI()));
         filterChain.doFilter(servletRequest, servletResponse);
     }

backend/src/main/java/ch/puzzle/okr/SecurityConfig.java

@@ -26,6 +26,7 @@ public class SecurityConfig {
     @Order(1) // Must be First order! Otherwise unauthorized Requests are sent to Controllers
     public SecurityFilterChain apiSecurityFilterChain(HttpSecurity http) throws Exception {
         setHeaders(http);
+        http.addFilterAfter(new ForwardFilter(), BasicAuthenticationFilter.class);
         logger.debug("*** apiSecurityFilterChain reached");
         return http.cors(Customizer.withDefaults())
                 .authorizeHttpRequests(e -> e.requestMatchers("/api/**").authenticated().anyRequest().permitAll())

backend/src/test/java/ch/puzzle/okr/ForwardFilterTest.java

@@ -59,8 +59,7 @@ void shouldNotFilterTheRootPath(String requestUri) throws ServletException, IOEx
     @Test
     void shouldFilterAuthPath() throws ServletException, IOException {
         // given
-        when(request.getRequestURI()).thenReturn("/state=''");
-        when(request.getParameter("state")).thenReturn("state");
+        when(request.getRequestURI()).thenReturn("/?state=''");
         when(request.getRequestDispatcher(anyString())).thenReturn(requestDispatcher);
         doNothing().when(requestDispatcher).forward(Mockito.eq(request), Mockito.eq(response));
 

pom.xml

@@ -8,7 +8,7 @@
 
     <groupId>ch.puzzle.okr</groupId>
     <artifactId>parent</artifactId>
-    <version>2.0.1-SNAPSHOT</version>
+    <version>2.0.4-SNAPSHOT</version>
 
     <parent>
         <groupId>org.springframework.boot</groupId>