Provide a default implementation for getServletUri()

eclipse-lyo · Jul 31, 2023 · 17944f5 · 17944f5
1 parent ab181cd
commit 17944f5
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/server/oauth-core/pom.xml b/server/oauth-core/pom.xml
@@ -17,6 +17,12 @@
     </properties>
 
     <dependencies>
+        <!-- Lyo Dependencies -->
+        <dependency>
+            <groupId>org.eclipse.lyo.oslc4j.core</groupId>
+            <artifactId>lyo-core-settings</artifactId>
+            <version>${v.lyo}</version>
+        </dependency>
         <!-- Project specific -->
          <dependency>
            <groupId>jakarta.ws.rs</groupId>

diff --git a/...c/main/java/org/eclipse/lyo/server/oauth/core/utils/AbstractAdapterCredentialsFilter.java b/...c/main/java/org/eclipse/lyo/server/oauth/core/utils/AbstractAdapterCredentialsFilter.java
@@ -37,6 +37,7 @@
 import net.oauth.http.HttpMessage;
 import net.oauth.server.OAuthServlet;
 
+import org.eclipse.lyo.oslc4j.core.OSLC4JUtils;
 import org.eclipse.lyo.server.oauth.core.Application;
 import org.eclipse.lyo.server.oauth.core.AuthenticationException;
 import org.eclipse.lyo.server.oauth.core.OAuthConfiguration;
@@ -185,14 +186,16 @@ protected void logout(Connection loginSession, HttpSession session) {
     abstract protected ConsumerStore createConsumerStore() throws Exception;
 
     /**
-     * Sets the official servlet URL 
+     * Gets the official servlet URL 
      * in case this can differ from that in the individual requests.
      * @see org.eclipse.lyo.server.oauth.core.OAuthConfiguration#setServletUri(String)
-     * Typical implementation can be:
-     * <pre>return OSLC4JUtils.getServletURI();
-     * </pre>
+     * This is the typical implementation, which assumes {@link OSLC4JUtils#setPublicURI(String) OSLC4JUtils.setPublicURI(String)}
+     *  and {@link OSLC4JUtils#setServletPath(String) OSLC4JUtils.setServletPath(String)}  
+     * are first used to set the servlet URL.
      */
-    abstract protected String getServletUri();
+    protected String getServletUri() {
+        return OSLC4JUtils.getServletURI();
+    }
 
     /**
      * Check if the resource is protected

diff --git a/.../oauth-webapp/src/main/java/org/eclipse/lyo/server/oauth/webapp/services/CSRFPrevent.java b/.../oauth-webapp/src/main/java/org/eclipse/lyo/server/oauth/webapp/services/CSRFPrevent.java
@@ -35,7 +35,7 @@ public static void check(HttpServletRequest httpRequest) {
 		String csrfPrevent = httpRequest.getHeader(CSRF_PREVENT_HEADER);
 		String sessionId = httpRequest.getSession().getId();
 		if (!sessionId.equals(csrfPrevent)) {
-		    log.error("Request denied due to possible CSRF attack. Expected X-CSRF-Prevent header: {}. Received: {}", sessionId, csrfPrevent);
+		    log.warn("Request denied due to possible CSRF attack. Expected X-CSRF-Prevent header: {}. Received: {}", sessionId, csrfPrevent);
 			throw new WebApplicationException(Response.status(Status.FORBIDDEN)
 					.entity("Request denied due to possible CSRF attack.").type(MediaType.TEXT_PLAIN).build());
 		}