diff --git a/gateway/src/main/java/org/georchestra/gateway/filter/headers/RemoveHeadersGatewayFilterFactory.java b/gateway/src/main/java/org/georchestra/gateway/filter/headers/RemoveHeadersGatewayFilterFactory.java
index bbf273be..87a4eb8c 100644
--- a/gateway/src/main/java/org/georchestra/gateway/filter/headers/RemoveHeadersGatewayFilterFactory.java
+++ b/gateway/src/main/java/org/georchestra/gateway/filter/headers/RemoveHeadersGatewayFilterFactory.java
@@ -18,11 +18,14 @@
 */
 package org.georchestra.gateway.filter.headers;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Objects;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 import org.georchestra.gateway.filter.headers.RemoveHeadersGatewayFilterFactory.RegExConfig;
 import org.georchestra.gateway.model.GatewayConfigProperties;
@@ -106,10 +109,19 @@ public GatewayFilter apply(RegExConfig regexConfig) {
 }
 private boolean headerAuthenticated(String serverAddress) {
- if (configProps != null && configProps.getHeaderTrustedProxies() != null
+ if (configProps != null && !configProps.getHeaderTrustedProxies().isEmpty()
 && configProps.isHeaderAuthentication()) {
- HashSet hashSet = new HashSet<>(Arrays.asList(configProps.getHeaderTrustedProxies().split(";")));
- if (!hashSet.isEmpty() && hashSet.contains(serverAddress)) {
+ if (configProps.getHeaderTrustedProxies().stream().filter(e -> serverAddress.contains(e))
+ .collect(Collectors.toList()).size() > 0) {
+ return true;
+ }
+ if (configProps.getHeaderTrustedProxies().stream().filter(e -> {
+ try {
+ return InetAddress.getByName(serverAddress).toString().contains(e);
+ } catch (UnknownHostException exp) {
+ return false;
+ }
+ }).collect(Collectors.toList()).size() > 0) {
 return true;
 }
 }
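Review bot: Both new tests in `headerAuthenticated` use `String.contains`, so an address is accepted whenever a configured entry is a substring of it. With `10.0.0.1` listed (a constructed example), `10.0.0.10` also passes, whereas the removed `HashSet.contains` required an exact match. This result presumably decides whether incoming pre-authentication headers are kept (the caller is outside the hunk), so the comparison should be exact, both on `serverAddress` itself and on `InetAddress.getByName(serverAddress).getHostAddress()`. The lookup also sits inside the filter lambda and is repeated for every list entry, and `getByName` can block on DNS when the value is a host name; resolving once before the comparison avoids the repetition. The rest of the method lies outside the hunk.

```java
// … unchanged: outer if on configProps, getHeaderTrustedProxies() and isHeaderAuthentication() …
List<String> trusted = configProps.getHeaderTrustedProxies();
// Exact match only: a substring test would also accept addresses that merely embed a listed entry.
if (trusted.contains(serverAddress)) {
    return true;
}
try {
    // Resolve once, outside any per-entry loop, and compare the literal address for equality.
    String resolved = InetAddress.getByName(serverAddress).getHostAddress();
    if (trusted.contains(resolved)) {
        return true;
    }
} catch (UnknownHostException exp) {
    // an unresolvable address is not trusted, same outcome as in the hunk
}
// … unchanged: closing brace of the outer if; the rest of headerAuthenticated is outside the hunk …
```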
diff --git a/gateway/src/main/java/org/georchestra/gateway/model/GatewayConfigProperties.java b/gateway/src/main/java/org/georchestra/gateway/model/GatewayConfigProperties.java
index a0574348..1f7143e5 100644
--- a/gateway/src/main/java/org/georchestra/gateway/model/GatewayConfigProperties.java
+++ b/gateway/src/main/java/org/georchestra/gateway/model/GatewayConfigProperties.java
@@ -40,7 +40,7 @@ public class GatewayConfigProperties {
 private boolean headerAuthentication = false;
- private String headerTrustedProxies;
+ private List headerTrustedProxies;
 private Map> rolesMappings = Map.of();
diff --git a/gateway/src/main/java/org/georchestra/gateway/security/ResolveHttpHeadersGeorchestraUserFilter.java b/gateway/src/main/java/org/georchestra/gateway/security/ResolveHttpHeadersGeorchestraUserFilter.java
index 459cac81..6ee8f61f 100644
--- a/gateway/src/main/java/org/georchestra/gateway/security/ResolveHttpHeadersGeorchestraUserFilter.java
+++ b/gateway/src/main/java/org/georchestra/gateway/security/ResolveHttpHeadersGeorchestraUserFilter.java
@@ -64,7 +64,8 @@ public class ResolveHttpHeadersGeorchestraUserFilter implements GlobalFilter, Or
 }
 public @Override Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) {
- if (exchange.getRequest().getHeaders().containsKey("sec-mellon-name-id")) {
+ if (exchange.getRequest().getHeaders().containsKey("sec-georchestra-preauthenticated")
+ && exchange.getRequest().getHeaders().get("sec-georchestra-preauthenticated").get(0).equals("true")) {
 if (config.isCreateNonExistingUsersInLDAP()) {
 String username = exchange.getRequest().getHeaders().get("sec-username").get(0);
 Optional userOpt = map(username);
@@ -118,7 +119,6 @@ protected Optional map(String username) {
 roles.add("ROLE_USER");
 }
 userOpt.get().setRoles(roles);
- userOpt.get().setOrganization("INRAE");
 }
 return userOpt;
 }
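Review bot: In GatewayConfigProperties, `headerTrustedProxies` has no initializer, unlike `rolesMappings` just below it, so it stays null when the property is not configured (assuming nothing outside this hunk sets it). The new `!configProps.getHeaderTrustedProxies().isEmpty()` call in RemoveHeadersGatewayFilterFactory then throws, where the removed `!= null` check returned false. A default keeps that path safe: `private List<String> headerTrustedProxies = List.of();` (the element type is inferred from how the entries are used, since the page shows the declaration without type arguments). The removed code split the value on `;`; if existing configurations still use that form, the expected list syntax deserves a line in the configuration docs.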
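Review bot: In ResolveHttpHeadersGeorchestraUserFilter.filter, a request that carries `sec-georchestra-preauthenticated: true` but no `sec-username` reaches the unchanged `getHeaders().get("sec-username").get(0)` and fails with a NullPointerException, since nothing in the condition checks that the other headers are present. The condition also looks the header up twice; `"true".equals(exchange.getRequest().getHeaders().getFirst("sec-georchestra-preauthenticated"))` is null-safe and shorter, and the user name can be read with `getFirst("sec-username")` and checked before `map(username)` is called. This header alone now marks a request as pre-authenticated, so a comment should record that it is only meaningful once headers from addresses outside `headerTrustedProxies` have been stripped; whether that ordering is guaranteed is not visible here. The body of `filter` continues outside the hunk.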
@@ -139,7 +139,6 @@ protected Optional map(ServerWebExchange exchange) {
 roles.add("ROLE_USER");
 }
 user.setRoles(roles);
- user.setOrganization("INRAE");
 return Optional.of(user);
 }