update gateway to support HTTP headers authentication
marwanehcine committed Sep 16, 2023
1 parent a97dc39 commit 36dc704
Showing 3 changed files with 18 additions and 7 deletions.
Expand Up @@ -18,11 +18,14 @@
*/
package org.georchestra.gateway.filter.headers;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

import org.georchestra.gateway.filter.headers.RemoveHeadersGatewayFilterFactory.RegExConfig;
import org.georchestra.gateway.model.GatewayConfigProperties;
Expand Down Expand Up @@ -106,10 +109,19 @@ public GatewayFilter apply(RegExConfig regexConfig) {
}

private boolean headerAuthenticated(String serverAddress) {
if (configProps != null && configProps.getHeaderTrustedProxies() != null
if (configProps != null && !configProps.getHeaderTrustedProxies().isEmpty()
&& configProps.isHeaderAuthentication()) {
HashSet hashSet = new HashSet<>(Arrays.asList(configProps.getHeaderTrustedProxies().split(";")));
if (!hashSet.isEmpty() && hashSet.contains(serverAddress)) {
if (configProps.getHeaderTrustedProxies().stream().filter(e -> serverAddress.contains(e))
.collect(Collectors.toList()).size() > 0) {
return true;
}
if (configProps.getHeaderTrustedProxies().stream().filter(e -> {
try {
return InetAddress.getByName(serverAddress).toString().contains(e);
} catch (UnknownHostException exp) {
return false;
}
}).collect(Collectors.toList()).size() > 0) {
return true;
}
}
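Review bot: The trusted-proxy test in `headerAuthenticated` matches by substring (`serverAddress.contains(e)`, then `InetAddress.getByName(serverAddress).toString().contains(e)`), so a configured entry also accepts any address that merely contains it, and a blank entry accepts every address. Since this result decides whether pre-authentication headers are honoured, compare for exact equality against the literal address instead, and keep the null guard on `getHeaderTrustedProxies()` that the old condition had. `getByName` may also perform a blocking name lookup on every request, which is worth avoiding if `serverAddress` is already an IP literal (not visible here). The method continues past the end of the hunk.

```java
private boolean headerAuthenticated(String serverAddress) {
    List<String> trusted = configProps == null ? null : configProps.getHeaderTrustedProxies();
    if (trusted != null && !trusted.isEmpty() && configProps.isHeaderAuthentication()) {
        // Exact equality only: a substring match lets one entry cover unrelated addresses.
        if (trusted.contains(serverAddress)) {
            return true;
        }
        try {
            // Compare the resolved literal address, not the "host/address" toString() form.
            String resolved = InetAddress.getByName(serverAddress).getHostAddress();
            if (trusted.contains(resolved)) {
                return true;
            }
        } catch (UnknownHostException exp) {
            // An unresolvable peer is never trusted; fall through.
        }
    }
    // … unchanged: remainder of headerAuthenticated, outside the hunk …
```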
Expand Up @@ -40,7 +40,7 @@ public class GatewayConfigProperties {

private boolean headerAuthentication = false;

private String headerTrustedProxies;
private List<String> headerTrustedProxies;

private Map<String, List<String>> rolesMappings = Map.of();

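Review bot: `headerTrustedProxies` is declared without a default, so it is null whenever the property is not configured, while the new check in the headers filter calls `getHeaderTrustedProxies().isEmpty()` without a null test. Initialise it the way `rolesMappings` is initialised: `private List<String> headerTrustedProxies = List.of();`. The old code split a single string on `;`, so existing configurations written in that form presumably need migrating to a list. A short comment on the field stating the expected format (one address per entry) would make that explicit.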
Expand Up @@ -64,7 +64,8 @@ public class ResolveHttpHeadersGeorchestraUserFilter implements GlobalFilter, Or
}

public @Override Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
if (exchange.getRequest().getHeaders().containsKey("sec-mellon-name-id")) {
if (exchange.getRequest().getHeaders().containsKey("sec-georchestra-preauthenticated")
&& exchange.getRequest().getHeaders().get("sec-georchestra-preauthenticated").get(0).equals("true")) {
if (config.isCreateNonExistingUsersInLDAP()) {
String username = exchange.getRequest().getHeaders().get("sec-username").get(0);
Optional<GeorchestraUser> userOpt = map(username);
Expand Down Expand Up @@ -118,7 +119,6 @@ protected Optional<GeorchestraUser> map(String username) {
roles.add("ROLE_USER");
}
userOpt.get().setRoles(roles);
userOpt.get().setOrganization("INRAE");
}
return userOpt;
}
Expand All @@ -139,7 +139,6 @@ protected Optional<GeorchestraUser> map(ServerWebExchange exchange) {
roles.add("ROLE_USER");
}
user.setRoles(roles);
user.setOrganization("INRAE");
return Optional.of(user);
}

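Review bot: In `filter`, `getHeaders().get("sec-username").get(0)` throws a NullPointerException when the `sec-georchestra-preauthenticated` flag is present but `sec-username` is absent; read both with `getFirst`, e.g. `"true".equals(exchange.getRequest().getHeaders().getFirst("sec-georchestra-preauthenticated"))`, and skip the branch when `getFirst("sec-username")` returns null. Nothing in this hunk ties the flag to the trusted-proxy check, so the filter appears to rely on the `sec-*` headers having been stripped from untrusted requests earlier in the chain. If that is the design, a comment on `filter` stating the dependency and the required filter order would make the trust boundary explicit. The body of `filter` continues outside the hunk.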
