
Feature/fix headers filter

Merged Jean Claude Correale requested to merge feature/fix-headers-filter into develop
Files
2
@@ -3,14 +3,12 @@ package com.aruba.simpl.tlsgateway.filters;
import static com.aruba.simpl.tlsgateway.filters.EphemeralProofFilter.EPHEMERAL_PROOF_ATTRIBUTES;
import static com.aruba.simpl.tlsgateway.filters.EphemeralProofFilter.MANAGE_EPHEMERAL_PROOF;
import com.aruba.simpl.common.exceptions.InvalidTierOneSessionException;
import com.aruba.simpl.common.model.constants.SimplHeaders;
import com.aruba.simpl.common.model.dto.IdentityAttributeDTO;
import com.aruba.simpl.common.utils.JwtUtil;
import com.aruba.simpl.tlsgateway.services.TierOneSessionValidator;
import com.aruba.simpl.tlsgateway.utils.ExchangeUtil;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
@@ -38,42 +36,36 @@ public class HeadersFilter implements GlobalFilter, Ordered {
}
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain chain) {
log.info("Headers Filter...");
var credentialId = ExchangeUtil.getCredentialIdFromExchange(exchange);
return getTierOneToken(exchange)
.switchIfEmpty(Mono.defer(() -> {
addHeadersToRequest(exchange);
addAbacAttributeToRequest(exchange);
return Mono.empty();
}))
.flatMap(jwt -> {
addHeadersToRequest(exchange);
addAbacAttributeToRequest(exchange, jwt);
return Mono.just(jwt);
})
.flatMap(jwt -> validateSession(exchange, jwt, credentialId))
.onErrorStop()
.then(chain.filter(exchange));
var credentialId = ExchangeUtil.getCredentialIdFromExchange(serverWebExchange);
return Mono.just(serverWebExchange).flatMap(exchange -> {
var jwt = getTierOneToken(exchange);
var epAttributes = getIdentityAttributeCodes(getEphemeralProofAttributes(exchange));
var endUserAttributes = jwt
.map(token -> {
validateSession(serverWebExchange, token, credentialId);
return token;
})
.map(this::getIdentityAttributeCodes)
.orElse(List.of())
.stream();
var attributes = Stream.concat(epAttributes, endUserAttributes).toList();
exchange = addAbacAttributeToRequest(exchange, attributes);
exchange = addHeadersToRequest(exchange, credentialId);
return chain.filter(exchange);
});
}
private void addAbacAttributeToRequest(ServerWebExchange exchange) {
var epAttributes = getEphemeralProofAttributes(exchange);
if (!epAttributes.isEmpty()) {
exchange.getRequest()
.mutate()
.header(
SimplHeaders.USER_ATTRIBUTES,
buildUserAttributesHeader(getIdentityAttributeCodes(epAttributes)));
private ServerWebExchange addAbacAttributeToRequest(ServerWebExchange exchange, List<String> attributes) {
if (!attributes.isEmpty()) {
return exchange.mutate()
.request(request -> request.header(
SimplHeaders.USER_ATTRIBUTES, buildUserAttributesHeader(attributes.stream()))
.build())
.build();
}
}
private void addAbacAttributeToRequest(ServerWebExchange exchange, SignedJWT tierOneJwt) {
var epAttributes = getIdentityAttributeCodes(getEphemeralProofAttributes(exchange));
var endUserAttributes = getIdentityAttributeCodes(tierOneJwt).stream();
var fullAttributes = buildUserAttributesHeader(Stream.concat(epAttributes, endUserAttributes));
exchange.getRequest().mutate().header(SimplHeaders.USER_ATTRIBUTES, fullAttributes);
return exchange;
}
@SuppressWarnings("unchecked")
@@ -84,33 +76,28 @@ public class HeadersFilter implements GlobalFilter, Ordered {
return new ArrayList<>();
}
private void addHeadersToRequest(ServerWebExchange exchange) {
var credentialId = ExchangeUtil.getCredentialIdFromExchange(exchange);
exchange.getRequest().mutate().header(SimplHeaders.CREDENTIAL_ID, credentialId);
private ServerWebExchange addHeadersToRequest(ServerWebExchange exchange, String credentialId) {
return exchange.mutate()
.request(request -> request.header(SimplHeaders.CREDENTIAL_ID, credentialId))
.build();
}
private Mono<SignedJWT> getTierOneToken(ServerWebExchange exchange) {
return Mono.just((Boolean) exchange.getAttributes().get(MANAGE_EPHEMERAL_PROOF))
.flatMap(shouldManage -> Boolean.TRUE.equals(shouldManage) ? Mono.just(true) : Mono.empty())
.then(parseToken(exchange));
private Optional<SignedJWT> getTierOneToken(ServerWebExchange exchange) {
var shouldManage = exchange.getAttributes().get(MANAGE_EPHEMERAL_PROOF);
if (Boolean.TRUE.equals(shouldManage)) {
return parseToken(exchange);
}
return Optional.empty();
}
private Mono<SignedJWT> parseToken(ServerWebExchange exchange) {
return Mono.justOrEmpty(
JwtUtil.getBearerToken(exchange.getRequest().getHeaders()).map(token -> {
try {
return SignedJWT.parse(token);
} catch (ParseException e) {
throw new InvalidTierOneSessionException();
}
}));
private Optional<SignedJWT> parseToken(ServerWebExchange exchange) {
return JwtUtil.getBearerToken(exchange.getRequest().getHeaders()).map(JwtUtil::parseJwt);
}
private Mono<Void> validateSession(ServerWebExchange exchange, SignedJWT tierOneJwt, String credentialId) {
private void validateSession(ServerWebExchange exchange, SignedJWT tierOneJwt, String credentialId) {
if (Objects.equals(Boolean.TRUE, exchange.getAttributes().get(MANAGE_EPHEMERAL_PROOF))) {
tierOneSessionValidator.validate(tierOneJwt, credentialId);
}
return Mono.empty();
}
@SneakyThrows
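Review bot: In the new `addAbacAttributeToRequest(exchange, attributes)`, the empty-list branch returns the exchange untouched, so a `SimplHeaders.USER_ATTRIBUTES` header already present on the inbound request would be forwarded as-is unless an earlier filter strips it (nothing visible here does). If downstream services treat this header as gateway-asserted ABAC data, which the name suggests, the empty case should drop it explicitly, e.g. `return exchange.mutate().request(r -> r.headers(h -> h.remove(SimplHeaders.USER_ATTRIBUTES))).build();`. Separately, `validateSession` now runs synchronously inside `Optional.map` in `filter`, so it is worth confirming that `tierOneSessionValidator.validate` does no blocking I/O on the event-loop thread and that it verifies the token's signature, since `parseToken` only parses. The class body continues outside the shown hunks.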