Add configuration for allowing http connection during development

svenzik · mrts · commit 3fb6b7154d75 · 2025-06-13T11:47:09.000+03:00
WE2-967

Signed-off-by: Sven Mitt &lt;svenzik@users.noreply.github.com&gt;
diff --git a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java
@@ -22,6 +22,13 @@
 
 package eu.webeid.example.config;
 
+import java.net.InetAddress;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.UnknownHostException;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -32,6 +39,8 @@
 @ConfigurationProperties(prefix = "web-eid-auth-token.validation")
 public class YAMLConfig {
 
+    private static final Logger LOG = LoggerFactory.getLogger(YAMLConfig.class);
+
     @Value("local-origin")
     private String localOrigin;
 
@@ -49,6 +58,22 @@ public String getLocalOrigin() {
     }
 
     public void setLocalOrigin(String localOrigin) {
+        if (StringUtils.endsWith(localOrigin, "/")) {
+            throw new IllegalArgumentException("Configuration parameter local-origin cannot end with '/': " + localOrigin);
+        }
+        if (StringUtils.startsWith(localOrigin, "http:")) {
+            try {
+                if (InetAddress.getByName(new URI(localOrigin).getHost()).isLoopbackAddress()) {
+                    this.localOrigin = localOrigin.replaceFirst("^http:", "https:");
+                    LOG.warn("Configuration contains http protocol {}, which is not supported. Replacing it with secure {}", localOrigin, this.localOrigin);
+                    return;
+                }
+            } catch (URISyntaxException e) {
+                LOG.error("Configuration parameter origin-local does not contain an URL: {}", localOrigin, e);
+            } catch (UnknownHostException e) {
+                LOG.error("Unable to determine if origin-local {} is loopback address", localOrigin, e);
+            }
+        }
         this.localOrigin = localOrigin;
     }
 
diff --git a/example/src/test/java/eu/webeid/example/config/YAMLConfigTest.java b/example/src/test/java/eu/webeid/example/config/YAMLConfigTest.java
@@ -0,0 +1,69 @@
+package eu.webeid.example.config;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import org.apache.commons.lang3.StringUtils;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+class YAMLConfigTest {
+
+    @ValueSource(strings = {
+        "http://localhost",
+        "http://localhost:8080",
+        "http://127.0.0.1",
+        "http://127.0.0.1:8080",
+        "http://::1",
+        "http://[::1]:8080"
+    })
+    @ParameterizedTest
+    void givenLocalOriginHttpLoopbackAddress_whenParsingLocalOrigin_thenItIsReplacedWithHttps(String origin) {
+        YAMLConfig yamlConfig = new YAMLConfig();
+        yamlConfig.setLocalOrigin(origin);
+        assertThat(yamlConfig.getLocalOrigin()).isEqualTo(origin.replaceFirst("^http:", "https:"));
+    }
+
+    @ValueSource(strings = {
+        "https://localhost",
+        "https://localhost:8080",
+        "https://127.0.0.1",
+        "https://127.0.0.1:8080",
+        "https://::1",
+        "https://[::1]:8080",
+    })
+    @ParameterizedTest
+    void givenLocalOriginHttpsLoopbackAddress_whenParsingLocalOrigin_thenOriginalIsKept(String origin) {
+        YAMLConfig yamlConfig = new YAMLConfig();
+        yamlConfig.setLocalOrigin(origin);
+        assertThat(yamlConfig.getLocalOrigin()).isEqualTo(origin);
+    }
+
+    @ValueSource(strings = {
+        "http://somename.app",
+        "http://somename.app:8080",
+        "http://8.8.8.8",
+        "http://8.8.8.8:8080",
+        "http://[2001:4860:4860::8888]",
+        "http://[2001:4860:4860::8888]:8080",
+    })
+    @ParameterizedTest
+    void givenLocalOriginHttpNonLoopbackAddress_whenParsingLocalOrigin_thenOriginalIsKept(String origin) {
+        YAMLConfig yamlConfig = new YAMLConfig();
+        yamlConfig.setLocalOrigin(origin);
+        assertThat(yamlConfig.getLocalOrigin()).isEqualTo(origin);
+    }
+
+    @ValueSource(strings = {
+        "https://localhost/",
+        "https://localhost:8080/"
+    })
+    @ParameterizedTest
+    void givenLocalOriginThatEndsWithSlash_whenParsingLocalOrigin_thenExceptionIsThrown(String origin) {
+        YAMLConfig yamlConfig = new YAMLConfig();
+        assertThatThrownBy(() -> yamlConfig.setLocalOrigin(origin))
+            .hasMessage("Configuration parameter local-origin cannot end with '/': " + origin);
+    }
+}
