Fix #33103: add workaround for links in MS office

Author: LEDfan

src/main/java/eu/openanalytics/containerproxy/security/UserAgentFilter.java

@@ -0,0 +1,48 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2024 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+public class UserAgentFilter extends OncePerRequestFilter {
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
+        if (request.getHeader("User-Agent").contains("ms-office")) {
+            // see #33103
+            // send empty response if request made by MS Office
+            // otherwise the user will not be able to sign-in (or get logged out)
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html");
+            response.getWriter().write("");
+            response.setStatus(HttpStatus.OK.value());
+            return;
+        }
+        chain.doFilter(request, response);
+    }
+}

src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java

@@ -130,6 +130,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
         // App Recovery Filter
         http.addFilterAfter(appRecoveryFilter, BasicAuthenticationFilter.class);
+        http.addFilterAfter(new UserAgentFilter(), BasicAuthenticationFilter.class);
 
         // Perform CSRF check on the login form
         http.csrf(csrf -> csrf.requireCsrfProtectionMatcher(new AntPathRequestMatcher("/login", "POST")));