Merge pull request 'Improve properties' (#51) from bug/25757 into develop

fmichielssen · fmichielssen · commit 15aa072a2901 · 2021-07-13T13:29:44.000Z
diff --git a/src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java b/src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java
@@ -21,9 +21,9 @@
 package eu.openanalytics.containerproxy;
 
 import com.fasterxml.jackson.datatype.jsr353.JSR353Module;
-import eu.openanalytics.containerproxy.service.AppRecoveryService;
 import eu.openanalytics.containerproxy.util.ProxyMappingManager;
 import io.undertow.Handlers;
+import io.undertow.server.handlers.SameSiteCookieHandler;
 import io.undertow.servlet.api.ServletSessionConfig;
 import io.undertow.servlet.api.SessionManagerFactory;
 import org.apache.logging.log4j.LogManager;
@@ -76,8 +76,8 @@ public class ContainerProxyApplication {
 
 	private final Logger log = LogManager.getLogger(getClass());
 
-	@Inject
-	private AppRecoveryService appRecoveryService;
+	private static final String PROP_PROXY_SAME_SITE_COOKIE = "proxy.same-site-cookie";
+	private static final String SAME_SITE_COOKIE_DEFAULT_VALUE = "Lax";
 
 	public static void main(String[] args) {
 		SpringApplication app = new SpringApplication(ContainerProxyApplication.class);
@@ -105,7 +105,7 @@ public void init() {
 			log.warn("WARNING: Using server.use-forward-headers will not work in this ShinyProxy release, you need to change your configuration to use another property. See https://shinyproxy.io/documentation/security/#forward-headers on how to change your configuration.");
 		}
 
-		String sameSiteCookie = environment.getProperty("proxy.same-site-cookie", "Lax");
+		String sameSiteCookie = environment.getProperty(PROP_PROXY_SAME_SITE_COOKIE, SAME_SITE_COOKIE_DEFAULT_VALUE);
 		log.debug("Setting sameSiteCookie policy to {}" , sameSiteCookie);
 		defaultCookieSerializer.setSameSite(sameSiteCookie);
 	}
@@ -118,15 +118,18 @@ public UndertowServletWebServerFactory servletContainer() {
 		UndertowServletWebServerFactory factory = new UndertowServletWebServerFactory();
 		factory.addDeploymentInfoCustomizers(info -> {
 			info.setPreservePathOnForward(false); // required for the /api/route/{id}/ endpoint to work properly
-			if (Boolean.valueOf(environment.getProperty("logging.requestdump", "false"))) {
-				info.addOuterHandlerChainWrapper(defaultHandler -> Handlers.requestDump(defaultHandler));
+			if (Boolean.parseBoolean(environment.getProperty("logging.requestdump", "false"))) {
+				info.addOuterHandlerChainWrapper(Handlers::requestDump);
 			}
-			info.addInnerHandlerChainWrapper(defaultHandler -> {
-				return mappingManager.createHttpHandler(defaultHandler);
-			});
+			info.addInnerHandlerChainWrapper(defaultHandler -> mappingManager.createHttpHandler(defaultHandler));
+
+			String sameSiteCookie = environment.getProperty(PROP_PROXY_SAME_SITE_COOKIE, SAME_SITE_COOKIE_DEFAULT_VALUE);
+		 	log.debug("Setting sameSiteCookie policy for session cookies to {}" , sameSiteCookie);
+		 	info.addOuterHandlerChainWrapper(defaultHandler -> new SameSiteCookieHandler(defaultHandler, sameSiteCookie, null, true, true, true));
+
 			ServletSessionConfig sessionConfig = new ServletSessionConfig();
 			sessionConfig.setHttpOnly(true);
-			sessionConfig.setSecure(Boolean.valueOf(environment.getProperty("server.secureCookies", "false")));
+			sessionConfig.setSecure(Boolean.parseBoolean(environment.getProperty("server.secure-cookies", "false")));
 			info.setServletSessionConfig(sessionConfig);
 			if (sessionManagerFactory != null) {
 				info.setSessionManagerFactory(sessionManagerFactory);
diff --git a/src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java b/src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java
@@ -28,7 +28,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.Environment;
-import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -42,7 +41,6 @@
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.access.AccessDeniedHandlerImpl;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import org.springframework.security.web.csrf.InvalidCsrfTokenException;
 import org.springframework.security.web.csrf.MissingCsrfTokenException;
 import org.springframework.security.web.header.writers.StaticHeadersWriter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -124,7 +122,7 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Acc
 		// Always set header: X-Content-Type-Options=nosniff
 		http.headers().contentTypeOptions();
 
-		String frameOptions = environment.getProperty("server.frameOptions", "disable");
+		String frameOptions = environment.getProperty("server.frame-options", "disable");
 		switch (frameOptions.toUpperCase()) {
 			case "DISABLE":
 				http.headers().frameOptions().disable();
diff --git a/src/main/java/eu/openanalytics/containerproxy/service/AppRecoveryService.java b/src/main/java/eu/openanalytics/containerproxy/service/AppRecoveryService.java
@@ -53,7 +53,7 @@
 @Service
 public class AppRecoveryService {
 
-	protected static final String PROPERTY_RECOVER_RUNNING_APPS = "proxy.recover_running_apps";
+	protected static final String PROPERTY_RECOVER_RUNNING_PROXIES = "proxy.recover_running_proxies";
 
 	private final Logger log = LogManager.getLogger(AppRecoveryService.class);
 
@@ -79,7 +79,7 @@ public class AppRecoveryService {
 
 	@EventListener(ApplicationReadyEvent.class)
 	public void recoverRunningApps() throws Exception {
-		if (Boolean.parseBoolean(environment.getProperty(PROPERTY_RECOVER_RUNNING_APPS, "false"))) {
+		if (Boolean.parseBoolean(environment.getProperty(PROPERTY_RECOVER_RUNNING_PROXIES, "false"))) {
 			log.info("Recovery of running apps enabled");
 
 			Map<String, Proxy> proxies = new HashMap();
diff --git a/src/main/java/eu/openanalytics/containerproxy/service/ProxyService.java b/src/main/java/eu/openanalytics/containerproxy/service/ProxyService.java
@@ -106,11 +106,11 @@ public class ProxyService {
 
 	private boolean stopAppsOnShutdown;
 
-	private static final String PROPERTY_STOP_APPS_ON_SHUTDOWN = "proxy.stop_apps_on_shutdown";
+	private static final String PROPERTY_STOP_PROXIES_ON_SHUTDOWN = "proxy.stop_proxies_on_shutdown";
 
 	@PostConstruct
 	public void init() {
-	    stopAppsOnShutdown = Boolean.parseBoolean(environment.getProperty(PROPERTY_STOP_APPS_ON_SHUTDOWN, "true"));
+	    stopAppsOnShutdown = Boolean.parseBoolean(environment.getProperty(PROPERTY_STOP_PROXIES_ON_SHUTDOWN, "true"));
 	}
 
 	@PreDestroy
diff --git a/src/test/resources/application-app-recovery_docker-swarm.yml b/src/test/resources/application-app-recovery_docker-swarm.yml
@@ -1,6 +1,6 @@
 proxy:
-  recover_running_apps: true
-  stop_apps_on_shutdown: false
+  recover_running_proxies: true
+  stop_proxies_on_shutdown: false
 
   authentication: simple
   containerBackend: docker-swarm
diff --git a/src/test/resources/application-app-recovery_docker-swarm_2.yml b/src/test/resources/application-app-recovery_docker-swarm_2.yml
@@ -1,7 +1,7 @@
 proxy:
   titlle: Yet Another Instance
-  recover_running_apps: true
-  stop_apps_on_shutdown: false
+  recover_running_proxies: true
+  stop_proxies_on_shutdown: false
 
   authentication: simple
   containerBackend: docker-swarm
diff --git a/src/test/resources/application-app-recovery_docker.yml b/src/test/resources/application-app-recovery_docker.yml
@@ -1,6 +1,6 @@
 proxy:
-  recover_running_apps: true
-  stop_apps_on_shutdown: false
+  recover_running_proxies: true
+  stop_proxies_on_shutdown: false
 
   authentication: simple
   container-backend: docker
diff --git a/src/test/resources/application-app-recovery_docker_2.yml b/src/test/resources/application-app-recovery_docker_2.yml
@@ -1,7 +1,7 @@
 proxy:
   titlle: Yet Another Instance
-  recover_running_apps: true
-  stop_apps_on_shutdown: false
+  recover_running_proxies: true
+  stop_proxies_on_shutdown: false
 
   authentication: simple
   container-backend: docker
diff --git a/src/test/resources/application-app-recovery_kubernetes.yml b/src/test/resources/application-app-recovery_kubernetes.yml
@@ -1,6 +1,6 @@
 proxy:
-  recover_running_apps: true
-  stop_apps_on_shutdown: false
+  recover_running_proxies: true
+  stop_proxies_on_shutdown: false
 
   authentication: simple
   container-backend: kubernetes
diff --git a/src/test/resources/application-app-recovery_kubernetes_2.yml b/src/test/resources/application-app-recovery_kubernetes_2.yml
@@ -1,7 +1,7 @@
 proxy:
   titlle: Yet Another Instance
-  recover_running_apps: true
-  stop_apps_on_shutdown: false
+  recover_running_proxies: true
+  stop_proxies_on_shutdown: false
 
   authentication: simple
   container-backend: kubernetes
diff --git a/src/test/resources/application-app-recovery_kubernetes_multi_ns.yml b/src/test/resources/application-app-recovery_kubernetes_multi_ns.yml
@@ -1,8 +1,8 @@
 appNamespaces:
   - itest-overridden
 proxy:
-  recover_running_apps: true
-  stop_apps_on_shutdown: false
+  recover_running_proxies: true
+  stop_proxies_on_shutdown: false
 
   authentication: simple
   container-backend: kubernetes
