From 4db4610bbb3543d33272b7aa9c707ed65f4fe6b8 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Wed, 11 Sep 2024 10:08:58 +0300 Subject: [PATCH 01/12] SUPPORT-8470: Fix (cherry picked from commit 3f54d22828e14c6a4120f4309a4070e34c36eaf6) --- .../ru/micord/ervu/security/esia/service/EsiaAuthService.java | 1 - 1 file changed, 1 deletion(-) diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index 0b07f973..9e64f115 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -338,7 +338,6 @@ public class EsiaAuthService { if (cookie.getName().equals("auth_token") || cookie.getName().equals("refresh_token") || cookie.getName().equals("access_token") || cookie.getName().equals("is_auth")) { cookie.setValue(""); - cookie.setPath("/"); cookie.setMaxAge(0); response.addCookie(cookie); } From 2540f280a4df7a9f50f298063cdcbd65708d8f2f Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Wed, 11 Sep 2024 10:18:56 +0300 Subject: [PATCH 02/12] SUPPORT-8427: Fix --- .../security/esia/controller/EsiaController.java | 4 ++-- .../security/esia/service/EsiaAuthService.java | 16 +++++++++------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/controller/EsiaController.java b/backend/src/main/java/ru/micord/ervu/security/esia/controller/EsiaController.java index 92197f85..d408ff4d 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/controller/EsiaController.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/controller/EsiaController.java 
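Review bot: Removing `cookie.setPath("/")` from the cookie-clearing loop (hunk `@@ -338,7 +338,6 @@`, PATCH 01/12) leaves the expiring `Set-Cookie` without the path the tokens were issued under, so the browser may keep `auth_token`, `refresh_token` and `access_token` after logout. A browser only replaces a cookie whose name, domain and path all match, and cookies read back from a request carry no path, so the path has to be set explicitly. At this commit the cookies are still issued with `/` (see the lines removed in PATCH 02/12), so the clearing code should set the same value that is used at issue time, e.g. `cookie.setPath(cookiePath);` with `cookiePath` computed the same way in both places. The loop and its enclosing method start outside the hunk, so this assumes the cookies being cleared come from the incoming request.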
@@ -30,8 +30,8 @@ public class EsiaController { } @RequestMapping(value = "/esia/auth", params = "code", method = RequestMethod.GET) - public boolean esiaAuth(@RequestParam("code") String code, HttpServletResponse response) { - return esiaAuthService.getEsiaTokensByCode(code, response); + public boolean esiaAuth(@RequestParam("code") String code, HttpServletRequest request, HttpServletResponse response) { + return esiaAuthService.getEsiaTokensByCode(code, request, response); } @RequestMapping(value = "/esia/refresh") diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index 9e64f115..e18ec05e 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -125,7 +125,7 @@ public class EsiaAuthService { return uriBuilder.toString(); } - public boolean getEsiaTokensByCode(String esiaAuthCode, HttpServletResponse response) { + public boolean getEsiaTokensByCode(String esiaAuthCode, HttpServletRequest request, HttpServletResponse response) { try { String clientId = esiaConfig.getClientId(); DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx"); 
@@ -179,21 +179,22 @@ public class EsiaAuthService { if (!hasRole) { throw new RuntimeException("The user does not have the required role"); } + String path = request.getContextPath(); Cookie cookie = new Cookie("access_token", accessToken); cookie.setHttpOnly(true); - cookie.setPath("/"); + cookie.setPath(path); response.addCookie(cookie); String refreshToken = tokenResponse.getRefresh_token(); Cookie cookieRefresh = new Cookie("refresh_token", refreshToken); cookieRefresh.setHttpOnly(true); - cookieRefresh.setPath("/"); + cookieRefresh.setPath(path); response.addCookie(cookieRefresh); EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken); Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in()); Cookie authToken = new Cookie("auth_token", token.getValue()); - authToken.setPath("/"); + authToken.setPath(path); authToken.setHttpOnly(true); response.addCookie(authToken); SecurityContextHolder.getContext() @@ -271,13 +272,14 @@ public class EsiaAuthService { String accessToken = tokenResponse.getAccess_token(); Cookie cookie = new Cookie("access_token", accessToken); cookie.setHttpOnly(true); - cookie.setPath("/"); + String path = request.getContextPath(); + cookie.setPath(path); response.addCookie(cookie); String newRefreshToken = tokenResponse.getRefresh_token(); Cookie cookieRefresh = new Cookie("refresh_token", newRefreshToken); cookieRefresh.setHttpOnly(true); - cookieRefresh.setPath("/"); + cookieRefresh.setPath(path); response.addCookie(cookieRefresh); EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken); Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in()); 
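Review bot: The `access_token`, `refresh_token` and `auth_token` cookies built in `@@ -179,21 +179,22 @@` get `setHttpOnly(true)` but never `setSecure(true)`, so the browser will also attach the ESIA tokens to any plain-HTTP request to this host. Add `cookie.setSecure(true);`, `cookieRefresh.setSecure(true);` and `authToken.setSecure(true);` next to the existing HttpOnly calls. The refresh path in `@@ -271,13 +272,14 @@` builds the same three cookies and needs the same change, as do the later patches in this series that touch these lines. Both method bodies continue outside the hunks, so a flag applied elsewhere (for example by a container-level cookie policy) would not be visible here.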
@@ -290,7 +292,7 @@ public class EsiaAuthService { new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null)); Cookie isAuth = new Cookie("is_auth", "true"); - isAuth.setPath("/"); + isAuth.setPath(path); response.addCookie(isAuth); } catch (Exception e) { From 1a0c8374c54f5c492458b5eb8df3829fa3dd8d44 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Wed, 11 Sep 2024 16:08:22 +0300 Subject: [PATCH 03/12] SUPPORT-8427: Fix --- .../micord/ervu/security/esia/service/EsiaAuthService.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index e18ec05e..340db2d8 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -202,7 +202,8 @@ public class EsiaAuthService { new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null)); Cookie isAuth = new Cookie("is_auth", "true"); - isAuth.setPath("/"); + isAuth.setMaxAge(esiaAccessToken.getExp().intValue()); + isAuth.setPath(path); response.addCookie(isAuth); return true; } @@ -284,7 +285,7 @@ public class EsiaAuthService { EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken); Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in()); Cookie authToken = new Cookie("auth_token", token.getValue()); - authToken.setPath("/"); + authToken.setPath(path); authToken.setHttpOnly(true); response.addCookie(authToken); SecurityContextHolder.getContext() @@ -292,6 +293,7 @@ public class EsiaAuthService { new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null)); Cookie isAuth = new Cookie("is_auth", "true"); + isAuth.setMaxAge(esiaAccessToken.getExp().intValue()); isAuth.setPath(path); response.addCookie(isAuth); } 
From d9cdc8e0b08ccedb1fd5686a242321b256d8e85c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A5=D0=B0=D0=BB=D1=82=D0=BE=D0=B1=D0=B8=D0=BD=20=D0=95?= =?UTF-8?q?=D0=B2=D0=B3=D0=B5=D0=BD=D0=B8=D0=B9?= Date: Thu, 12 Sep 2024 09:19:07 +0300 Subject: [PATCH 04/12] fix --- frontend/src/resources/app-config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/resources/app-config.json b/frontend/src/resources/app-config.json index abae1b54..5d83fdd5 100644 --- a/frontend/src/resources/app-config.json +++ b/frontend/src/resources/app-config.json @@ -5,7 +5,7 @@ "filter_cleanup_check_period_minutes": 30, "auth_method": "form", "enable.version.in.url": "%enable.version.in.url%", - "backend.context": "ul", + "backend.context": "ul/ul", "guard.confirm_exit": false, "message_service_error_timeout": "", "message_service_warning_timeout": "", From 7902cddf0b4cbc7541758033ac736aa3f0ed93f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A5=D0=B0=D0=BB=D1=82=D0=BE=D0=B1=D0=B8=D0=BD=20=D0=95?= =?UTF-8?q?=D0=B2=D0=B3=D0=B5=D0=BD=D0=B8=D0=B9?= Date: Thu, 12 Sep 2024 09:29:01 +0300 Subject: [PATCH 05/12] updated webbpm.properties --- config/tomcat/tomee/conf/webbpm.properties | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/config/tomcat/tomee/conf/webbpm.properties b/config/tomcat/tomee/conf/webbpm.properties index 0fe1d606..d8924708 100644 --- a/config/tomcat/tomee/conf/webbpm.properties +++ b/config/tomcat/tomee/conf/webbpm.properties 
@@ -13,3 +13,29 @@ webbpm.mode=production webbpm.jbpm.hibernate_statistics.enabled=false webbpm.cache.hazelcast.hosts=127.0.0.1 webbpm.cache.hazelcast.outbound_port_definitions=5801-5820 + + +file.webdav.upload.url=https://ervu-webdav.k8s.micord.ru +file.webdav.upload.username=test +file.webdav.upload.password=test +kafka.send.message.topic.name=file-upload-v2 +kafka.send.url=http://10.10.31.11:32609 +kafka.send.security.protocol=SASL_PLAINTEXT +kafka.sasl.mechanism=SCRAM-SHA-256 +kafka.send.username=user1 +kafka.send.password=Blfi9d2OFG +ervu.fileupload.max_file_size=5242880 +ervu.fileupload.max_request_size=6291456 +ervu.fileupload.file_size_threshold=0 + +esia-scopes=fullname, snils, id_doc, birthdate, usr_org, openid +esia-org-scopes=org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps +esia-org-scope-url=http://esia.gosuslugi.ru/ +esia-uri.base-uri=https://esia-portal1.test.gosuslugi.ru/ +esia-uri.code-path=https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v2/ac +esia-uri.token-path=https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v3/te +esia-client-id=MNSV89 +esia-redirect-url=https://lkrp-dev.micord.ru/ul/ +sign-url=https://ervu-sign-dev.k8s.micord.ru/sign +esia-uri.logout=https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout +client-cert-hash=04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD From ca86d651759fb0f6f2b0c3137843fd629e89e516 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Thu, 12 Sep 2024 10:04:24 +0300 Subject: [PATCH 06/12] SUPPORT-8427: Fix --- frontend/src/ts/modules/security/guard/auth.guard.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/ts/modules/security/guard/auth.guard.ts b/frontend/src/ts/modules/security/guard/auth.guard.ts index f10e5898..0c81275c 100644 --- a/frontend/src/ts/modules/security/guard/auth.guard.ts +++ b/frontend/src/ts/modules/security/guard/auth.guard.ts 
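Review bot: `kafka.send.password` and `file.webdav.upload.password` are added to a tracked file in clear text (hunk `@@ -13,3 +13,29 @@` of webbpm.properties), so everyone with read access to the repository or its history now holds them. Keep only the keys here with a value such as `kafka.send.password=<set at deploy time>`, supply the real values from the deployment's secret store or environment, and treat the committed Kafka password as exposed and rotate it. `kafka.send.security.protocol=SASL_PLAINTEXT` combined with an `http://` endpoint means the SCRAM exchange and the messages travel unencrypted; `SASL_SSL` is the value to use if the broker offers TLS. A comment above the block stating which environment these endpoints belong to would also help, since the file sits next to `webbpm.mode=production` while the ESIA URLs point at a test portal.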
@@ -33,7 +33,7 @@ export abstract class AuthGuard implements CanActivate { else if (code) { const params = new HttpParams().set('code', code); this.httpClient.get("esia/auth", {params: params}).toPromise().then( - () => window.open(url.origin, "_self")) + () => window.open(url.origin + url.pathname, "_self")) .catch((reason) => console.error(reason) ); From 1f06a103eb4f0da6348e7ccd7c7f110cd8dbff39 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Thu, 12 Sep 2024 10:19:46 +0300 Subject: [PATCH 07/12] SUPPORT-8427: Fix --- .../ru/micord/ervu/security/esia/service/EsiaAuthService.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index 340db2d8..4e227f35 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -348,12 +348,10 @@ public class EsiaAuthService { } String logoutUrl = esiaConfig.getLogoutUrl(); String redirectUrl = esiaConfig.getRedirectUrl(); - String redirectUrlEncoded = redirectUrl.replaceAll(":", "%3A") - .replaceAll("/", "%2F"); URL url = new URL(logoutUrl); Map params = mapOf( "client_id", esiaConfig.getClientId(), - "redirect_uri", redirectUrlEncoded); + "redirect_url", redirectUrl); return makeRequest(url, params); } catch (Exception e) { From 2792129e69c0ceb776b26db6caabd122c4d83885 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Thu, 12 Sep 2024 12:36:07 +0300 Subject: [PATCH 08/12] SUPPORT-8427: Fix --- .../ru/micord/ervu/security/esia/service/EsiaAuthService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index 4e227f35..ebd1dd93 100644 
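Review bot: With the manual escaping removed in the logout hunk (`@@ -348,12 +348,10 @@`, PATCH 07/12), `redirectUrl` goes into the parameter map raw, so whether ESIA receives a correctly percent-encoded value now depends entirely on `makeRequest`, which is not visible here. If `makeRequest` only joins `key=value` pairs, a redirect URL containing `&`, `?` or `#` would split the query and change what the identity provider sees; encode once where the query string is assembled, e.g. `URLEncoder.encode(value, StandardCharsets.UTF_8.name())`. The key also changes from `redirect_uri` to `redirect_url`, and a one-line comment such as `// ESIA logout expects "redirect_url", not the OAuth "redirect_uri"` would keep it from being changed back later. The method starts and ends outside the hunk.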
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -202,7 +202,7 @@ public class EsiaAuthService { new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null)); Cookie isAuth = new Cookie("is_auth", "true"); - isAuth.setMaxAge(esiaAccessToken.getExp().intValue()); + isAuth.setMaxAge(tokenResponse.getExpires_in().intValue()); isAuth.setPath(path); response.addCookie(isAuth); return true; @@ -293,7 +293,7 @@ public class EsiaAuthService { new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null)); Cookie isAuth = new Cookie("is_auth", "true"); - isAuth.setMaxAge(esiaAccessToken.getExp().intValue()); + isAuth.setMaxAge(tokenResponse.getExpires_in().intValue()); isAuth.setPath(path); response.addCookie(isAuth); } From 531443697c2380b9fa785faa04968b694a8ec484 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Thu, 12 Sep 2024 13:21:13 +0300 Subject: [PATCH 09/12] SUPPORT-8427: Fix --- frontend/src/ts/modules/app/component/logout.component.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/frontend/src/ts/modules/app/component/logout.component.ts b/frontend/src/ts/modules/app/component/logout.component.ts index 2c64a6bc..1d7671a6 100644 --- a/frontend/src/ts/modules/app/component/logout.component.ts +++ b/frontend/src/ts/modules/app/component/logout.component.ts @@ -1,8 +1,7 @@ -import {Component, OnInit} from "@angular/core"; +import {ChangeDetectorRef, Component, OnInit} from "@angular/core"; import {Router} from "@angular/router"; import {HttpClient} from "@angular/common/http"; import {CookieService} from "ngx-cookie"; -import {Deferred} from "@webbpm/base-package"; @Component({ moduleId: module.id, 
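Review bot: Only `is_auth` receives a lifetime in `@@ -202,7 +202,7 @@` and `@@ -293,7 +293,7 @@`; the three token cookies created just above these lines in earlier patches have no `setMaxAge` call and therefore stay session cookies. After a browser restart `is_auth=true` can still be present while the tokens are gone, and in a long-lived session the tokens stay in the browser after `is_auth` has expired, so the flag and the credentials can disagree in both directions. Giving the token cookies the same lifetime, e.g. `authToken.setMaxAge(tokenResponse.getExpires_in().intValue());`, keeps them aligned. `getExpires_in()` is also dereferenced without a null check; if the token response can omit it, the resulting exception would be caught by the surrounding `try`, which begins outside the hunk.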
@@ -16,7 +15,7 @@ export class LogOutComponent implements OnInit{ constructor(private router: Router, private httpClient: HttpClient, - private cookieService: CookieService) { + private cookieService: CookieService, private cd: ChangeDetectorRef) { } ngOnInit(): void { @@ -28,6 +27,7 @@ export class LogOutComponent implements OnInit{ ]).then(([userFullname, orgUnitName]) => { this.userFullname = userFullname; this.orgUnitName = orgUnitName; + this.cd.markForCheck(); }); } } From 5da678d30465f5f9454f70f2bb2d4bb0891e209a Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Thu, 12 Sep 2024 14:44:11 +0300 Subject: [PATCH 10/12] SUPPORT-8427: Fix --- .../ervu/security/esia/config/EsiaConfig.java | 21 --------- .../esia/service/EsiaAuthService.java | 44 +++++++++++++------ config/patches/default.cli | 3 -- config/standalone/dev/standalone.xml | 1 - 4 files changed, 30 insertions(+), 39 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java index 1ed60af1..a97cdd00 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java @@ -23,12 +23,6 @@ public class EsiaConfig { @Value("${esia-uri.base-uri:#{null}}") private String esiaBaseUri; - @Value("${esia-uri.code-path:#{null}}") - private String esiaCodePath; - - @Value("${esia-uri.token-path:#{null}}") - private String esiaTokenPath; - @Value("${esia-client-id:#{null}}") private String clientId; @@ -38,9 +32,6 @@ public class EsiaConfig { @Value("${sign-url:#{null}}") private String signUrl; - @Value("${esia-uri.logout:#{null}}") - private String logoutUrl; - @Value("${client-cert-hash:#{null}}") private String clientCertHash; 
@@ -50,14 +41,6 @@ public class EsiaConfig { @Value("${esia.connection-timeout:30}") private long connectionTimeout; - public String getEsiaCodeUri() { - return esiaCodePath; - } - - public String getEsiaTokenUri() { - return esiaTokenPath; - } - public String getEsiaOrgScopes() { String[] scopeItems = esiaOrgScopes.split(","); return String.join(" ", Arrays.stream(scopeItems).map(item -> orgScopeUrl + item.trim()).toArray(String[]::new)); @@ -84,10 +67,6 @@ public class EsiaConfig { return signUrl; } - public String getLogoutUrl() { - return logoutUrl; - } - public String getClientCertHash() {return clientCertHash;} public long getRequestTimeout() { diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index ebd1dd93..84266ac5 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -19,6 +19,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.fasterxml.jackson.databind.ObjectMapper; +import org.springframework.beans.factory.annotation.Value; import ru.micord.ervu.security.esia.config.EsiaConfig; import ru.micord.ervu.security.esia.model.FormUrlencoded; import ru.micord.ervu.security.esia.model.EsiaAccessToken; @@ -37,6 +38,9 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token; @Service public class EsiaAuthService { + @Value("${cookie-path:#{null}}") + private String path; + @Autowired private ObjectMapper objectMapper; @@ -74,7 +78,7 @@ public class EsiaAuthService { String responseType = "code"; - String authUrl = esiaConfig.getEsiaCodeUri(); + String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v2/ac"; URL url = new URL(authUrl); Map params = mapOf("scope", scope, 
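Review bot: `esiaConfig.getEsiaBaseUri() + "aas/oauth2/v2/ac"` in `@@ -74,7 +78,7 @@` only produces the intended endpoint when the configured base ends with `/`; without it the path fuses into the host name, and with the `#{null}` default shown on `esia-uri.base-uri` the string starts with `null`. The same concatenation builds the token endpoint in `@@ -146,7 +150,7 @@` and `@@ -242,7 +252,7 @@`, where the request carries the authorization code, the refresh token and the signed client secret, and the logout URL in `@@ -346,7 +362,7 @@`. Unless `getEsiaBaseUri()` already normalises the value (its body is not shown), guard it once, e.g. `String base = esiaConfig.getEsiaBaseUri();` followed by `String authUrl = (base.endsWith("/") ? base : base + "/") + "aas/oauth2/v2/ac";`, ideally inside `EsiaConfig` together with a startup check that rejects a missing base URI. Naming the three relative paths as constants would also document which ESIA endpoints the service depends on.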
@@ -146,7 +150,7 @@ public class EsiaAuthService { parameters.put("code", esiaAuthCode); String clientSecret = signMap(parameters); - String authUrl = esiaConfig.getEsiaTokenUri(); + String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v3/te"; String postBody = new FormUrlencoded() .setParameter("client_id", clientId) .setParameter("code", esiaAuthCode) @@ -179,22 +183,28 @@ public class EsiaAuthService { if (!hasRole) { throw new RuntimeException("The user does not have the required role"); } - String path = request.getContextPath(); + String cookiePath = null; + if (path != null) { + cookiePath = path; + } + else { + cookiePath = request.getContextPath(); + } Cookie cookie = new Cookie("access_token", accessToken); cookie.setHttpOnly(true); - cookie.setPath(path); + cookie.setPath(cookiePath); response.addCookie(cookie); String refreshToken = tokenResponse.getRefresh_token(); Cookie cookieRefresh = new Cookie("refresh_token", refreshToken); cookieRefresh.setHttpOnly(true); - cookieRefresh.setPath(path); + cookieRefresh.setPath(cookiePath); response.addCookie(cookieRefresh); EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken); Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in()); Cookie authToken = new Cookie("auth_token", token.getValue()); - authToken.setPath(path); + authToken.setPath(cookiePath); authToken.setHttpOnly(true); response.addCookie(authToken); SecurityContextHolder.getContext() @@ -203,7 +213,7 @@ public class EsiaAuthService { Cookie isAuth = new Cookie("is_auth", "true"); isAuth.setMaxAge(tokenResponse.getExpires_in().intValue()); - isAuth.setPath(path); + isAuth.setPath(cookiePath); response.addCookie(isAuth); return true; } 
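Review bot: The `cookiePath` fallback added in `@@ -179,22 +183,28 @@` is duplicated in the refresh path (`@@ -273,19 +283,25 @@`) and has two gaps: `request.getContextPath()` returns `""` when the application runs as the root context, and the configured `cookie-path` is used without any check. An empty path leaves the browser to derive a default from the request URL, and a configured `/` would send the token cookies to every application served from the same host. One private helper used by both methods, and by the cookie-clearing code on logout, keeps the issue and removal paths identical. Both method bodies continue outside the hunks.

```java
// … unchanged: role check …
String cookiePath = resolveCookiePath(request);
Cookie cookie = new Cookie("access_token", accessToken);
// … unchanged: remaining cookie setup using cookiePath …

/** Returns the Path attribute shared by all authentication cookies. */
private String resolveCookiePath(HttpServletRequest request) {
  if (path != null && !path.isEmpty()) {
    return path;
  }
  String contextPath = request.getContextPath();
  // Root deployments report "", which is not a usable cookie Path.
  return contextPath.isEmpty() ? "/" : contextPath;
}
```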
@@ -242,7 +252,7 @@ public class EsiaAuthService { parameters.put("refresh_token", refreshToken); String clientSecret = signMap(parameters); - String authUrl = esiaConfig.getEsiaTokenUri(); + String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v3/te"; String postBody = new FormUrlencoded() .setParameter("client_id", clientId) .setParameter("refresh_token", refreshToken) @@ -273,19 +283,25 @@ public class EsiaAuthService { String accessToken = tokenResponse.getAccess_token(); Cookie cookie = new Cookie("access_token", accessToken); cookie.setHttpOnly(true); - String path = request.getContextPath(); - cookie.setPath(path); + String cookiePath = null; + if (path != null) { + cookiePath = path; + } + else { + cookiePath = request.getContextPath(); + } + cookie.setPath(cookiePath); response.addCookie(cookie); String newRefreshToken = tokenResponse.getRefresh_token(); Cookie cookieRefresh = new Cookie("refresh_token", newRefreshToken); cookieRefresh.setHttpOnly(true); - cookieRefresh.setPath(path); + cookieRefresh.setPath(cookiePath); response.addCookie(cookieRefresh); EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken); Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in()); Cookie authToken = new Cookie("auth_token", token.getValue()); - authToken.setPath(path); + authToken.setPath(cookiePath); authToken.setHttpOnly(true); response.addCookie(authToken); SecurityContextHolder.getContext() @@ -294,7 +310,7 @@ public class EsiaAuthService { Cookie isAuth = new Cookie("is_auth", "true"); isAuth.setMaxAge(tokenResponse.getExpires_in().intValue()); - isAuth.setPath(path); + isAuth.setPath(cookiePath); response.addCookie(isAuth); } catch (Exception e) { 
@@ -346,7 +362,7 @@ public class EsiaAuthService { response.addCookie(cookie); } } - String logoutUrl = esiaConfig.getLogoutUrl(); + String logoutUrl = esiaConfig.getEsiaBaseUri() + "idp/ext/Logout"; String redirectUrl = esiaConfig.getRedirectUrl(); URL url = new URL(logoutUrl); Map params = mapOf( diff --git a/config/patches/default.cli b/config/patches/default.cli index 08512905..489f7532 100644 --- a/config/patches/default.cli +++ b/config/patches/default.cli @@ -44,10 +44,7 @@ xa-data-source add \ /system-property=esia-org-scopes:add(value="org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps") /system-property=esia-org-scope-url:add(value="http://esia.gosuslugi.ru/") /system-property=esia-uri.base-uri:add(value="https://esia-portal1.test.gosuslugi.ru/") -/system-property=esia-uri.code-path:add(value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v2/ac") -/system-property=esia-uri.token-path:add(value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v3/te") /system-property=esia-client-id:add(value="MNSV89") /system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/ul/") /system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign") -/system-property=esia-uri.logout:add(value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout") /system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD") diff --git a/config/standalone/dev/standalone.xml b/config/standalone/dev/standalone.xml index 8b80b120..b1c1d65a 100644 --- a/config/standalone/dev/standalone.xml +++ b/config/standalone/dev/standalone.xml @@ -75,7 +75,6 @@ - From e977eb2bfedc7f785e1af79ac25bd0a35b4b4b34 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Thu, 12 Sep 2024 14:51:21 +0300 Subject: [PATCH 11/12] SUPPORT-8427: Fix --- config/tomcat/tomee/conf/webbpm.properties | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/config/tomcat/tomee/conf/webbpm.properties b/config/tomcat/tomee/conf/webbpm.properties index d8924708..abd086d4 100644 --- a/config/tomcat/tomee/conf/webbpm.properties +++ b/config/tomcat/tomee/conf/webbpm.properties @@ -32,10 +32,7 @@ esia-scopes=fullname, snils, id_doc, birthdate, usr_org, openid esia-org-scopes=org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps esia-org-scope-url=http://esia.gosuslugi.ru/ esia-uri.base-uri=https://esia-portal1.test.gosuslugi.ru/ -esia-uri.code-path=https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v2/ac -esia-uri.token-path=https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v3/te esia-client-id=MNSV89 esia-redirect-url=https://lkrp-dev.micord.ru/ul/ sign-url=https://ervu-sign-dev.k8s.micord.ru/sign -esia-uri.logout=https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout client-cert-hash=04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD From 1fbb464e3be8704dd9354ae403785ae2d148dad6 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Thu, 12 Sep 2024 16:40:20 +0300 Subject: [PATCH 12/12] SUPPORT-8427: Fix --- config/standalone/dev/standalone.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/standalone/dev/standalone.xml b/config/standalone/dev/standalone.xml index b1c1d65a..7f700bec 100644 --- a/config/standalone/dev/standalone.xml +++ b/config/standalone/dev/standalone.xml @@ -70,8 +70,6 @@ - -