diff --git a/gateway/src/main/java/org/georchestra/gateway/filter/headers/HeaderFiltersConfiguration.java b/gateway/src/main/java/org/georchestra/gateway/filter/headers/HeaderFiltersConfiguration.java index 1e62361c..b03374fe 100644 --- a/gateway/src/main/java/org/georchestra/gateway/filter/headers/HeaderFiltersConfiguration.java +++ b/gateway/src/main/java/org/georchestra/gateway/filter/headers/HeaderFiltersConfiguration.java @@ -57,11 +57,6 @@ CookieAffinityGatewayFilterFactory cookieAffinityGatewayFilterFactory() { return new CookieAffinityGatewayFilterFactory(); } - @Bean - ProxyGatewayFilterFactory proxyGatewayFilterFactory() { - return new ProxyGatewayFilterFactory(); - } - @Bean GeorchestraUserHeadersContributor userSecurityHeadersProvider() { return new GeorchestraUserHeadersContributor(); diff --git a/gateway/src/main/java/org/georchestra/gateway/filter/headers/ProxyGatewayFilterFactory.java b/gateway/src/main/java/org/georchestra/gateway/filter/headers/ProxyGatewayFilterFactory.java deleted file mode 100644 index 6c4c4242..00000000 --- a/gateway/src/main/java/org/georchestra/gateway/filter/headers/ProxyGatewayFilterFactory.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.georchestra.gateway.filter.headers; - -import java.net.InetAddress; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.UnknownHostException; -import java.util.List; - -import org.springframework.cloud.gateway.filter.GatewayFilter; -import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory; -import org.springframework.cloud.gateway.route.Route; -import org.springframework.cloud.gateway.support.ServerWebExchangeUtils; -import org.springframework.http.server.reactive.ServerHttpRequest; -import org.springframework.security.access.AccessDeniedException; - -public class ProxyGatewayFilterFactory extends AbstractGatewayFilterFactory { - public ProxyGatewayFilterFactory() { - super(Object.class); - } - - @Override - public GatewayFilter apply(final Object config) { - return (exchange, chain) -> { - Route route = exchange.getAttribute(ServerWebExchangeUtils.GATEWAY_ROUTE_ATTR); - ServerHttpRequest request = exchange.getRequest(); - List remoteUrls = request.getQueryParams().get("url"); - if ((remoteUrls != null) && (remoteUrls.size() == 1)) { - try { - URI remoteUrl = URI.create(remoteUrls.get(0)); - String remoteHost = remoteUrl.getHost(); - InetAddress address = InetAddress.getByName(remoteHost); - if (address.isSiteLocalAddress() || address.isLoopbackAddress()) { - throw new AccessDeniedException("provided url is forbidden"); - } - - request = exchange.getRequest().mutate().uri(remoteUrl).header("Host", remoteHost).build(); - - Route newRoute = Route.async().id(route.getId()).uri(new URI(remoteUrls.get(0))) - .order(route.getOrder()).asyncPredicate(route.getPredicate()).build(); - - exchange.getAttributes().put(AddSecHeadersGatewayFilterFactory.DISABLE_SECURITY_HEADERS, "true"); - exchange.getAttributes().put(ServerWebExchangeUtils.GATEWAY_ROUTE_ATTR, newRoute); - return chain.filter(exchange.mutate().request(request).build()); - } catch (URISyntaxException e) { - } catch (UnknownHostException e) { - } - } - return chain.filter(exchange); - }; - } -} diff --git a/gateway/src/test/resources/application-createaccount.yml b/gateway/src/test/resources/application-createaccount.yml index 0b774fad..d9d3c835 100644 --- a/gateway/src/test/resources/application-createaccount.yml +++ b/gateway/src/test/resources/application-createaccount.yml @@ -10,7 +10,6 @@ georchestra: global-access-rules: - intercept-url: - "/**" - - "/proxy/?url=*" anonymous: true security: createNonExistingUsersInLDAP: true diff --git a/gateway/src/test/resources/application-preauth.yml b/gateway/src/test/resources/application-preauth.yml index 967d7fdd..dfca9da6 100644 --- a/gateway/src/test/resources/application-preauth.yml +++ b/gateway/src/test/resources/application-preauth.yml @@ -10,7 +10,6 @@ georchestra: global-access-rules: - intercept-url: - "/**" - - "/proxy/?url=*" anonymous: true security: createNonExistingUsersInLDAP: true diff --git a/gateway/src/test/resources/application-rabbitmq.yml b/gateway/src/test/resources/application-rabbitmq.yml index 97a81554..1a9154c5 100644 --- a/gateway/src/test/resources/application-rabbitmq.yml +++ b/gateway/src/test/resources/application-rabbitmq.yml @@ -10,7 +10,6 @@ georchestra: global-access-rules: - intercept-url: - "/**" - - "/proxy/?url=*" anonymous: true security: createNonExistingUsersInLDAP: true