From 3faea31be5ddc030468097f67c562203357b698b Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Sat, 2 Nov 2024 09:55:48 +0300 Subject: [PATCH 01/11] SUPPORT-8604: Fix --- .../ervu/security/esia/service/UlDataServiceImpl.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/UlDataServiceImpl.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/UlDataServiceImpl.java index 59e2563f..9689746b 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/UlDataServiceImpl.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/UlDataServiceImpl.java @@ -245,8 +245,10 @@ public class UlDataServiceImpl implements UlDataService { JsonNode elementsNode = rootNode.path("elements"); StringBuilder names = new StringBuilder(); for (JsonNode element : elementsNode) { - String name = element.path("name").asText(); - names.append(name).append("\n"); + if (element.path("itSystem").asText().equals(esiaConfig.getClientId())) { + String name = element.path("name").asText(); + names.append(name).append("\n"); + } } return names.toString(); } From 1277a497622b0168fa5f1698b91703ac89fbbb6b Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Fri, 8 Nov 2024 09:57:13 +0300 Subject: [PATCH 02/11] SUPPORT-8660: Fix --- .../kafka/controller/ErvuKafkaController.java | 14 ++++++++- .../micord/ervu/kafka/model/ExcerptData.java | 31 +++++++++++++++++++ .../ervu/kafka/model/ExcerptResponse.java | 31 ++++++++++++------- 3 files changed, 63 insertions(+), 13 deletions(-) create mode 100644 backend/src/main/java/ru/micord/ervu/kafka/model/ExcerptData.java diff --git a/backend/src/main/java/ru/micord/ervu/kafka/controller/ErvuKafkaController.java b/backend/src/main/java/ru/micord/ervu/kafka/controller/ErvuKafkaController.java index 6fde739e..43dfbf98 100644 --- a/backend/src/main/java/ru/micord/ervu/kafka/controller/ErvuKafkaController.java 
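Review bot: In the UlDataServiceImpl hunk, the new `itSystem` filter would match every element that lacks an `itSystem` field if `esiaConfig.getClientId()` were ever blank, because `element.path("itSystem").asText()` returns an empty string for a missing node. If these names feed a role or group decision, as the surrounding code suggests, that case fails open. Read the id once before the loop and reject an unset value, e.g. `String clientId = esiaConfig.getClientId();` followed by `if (clientId == null || clientId.isEmpty()) { throw new IllegalStateException("ESIA client id is not configured"); }`, then compare with `clientId.equals(...)`. A one-line comment saying that only entries issued for this system's client id count would also help. The enclosing method starts outside the hunk.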
+++ b/backend/src/main/java/ru/micord/ervu/kafka/controller/ErvuKafkaController.java @@ -1,10 +1,13 @@ package ru.micord.ervu.kafka.controller; +import java.lang.invoke.MethodHandles; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import com.fasterxml.jackson.databind.ObjectMapper; import ervu.client.fileupload.WebDavClient; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.io.Resource; @@ -22,6 +25,7 @@ import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService; */ @RestController public class ErvuKafkaController { + private static final Logger LOGGER = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); @Autowired private ReplyingKafkaService replyingKafkaService; @@ -56,7 +60,15 @@ public class ErvuKafkaController { objectMapper.writeValueAsString(data) ); ExcerptResponse excerptResponse = objectMapper.readValue(kafkaResponse, ExcerptResponse.class); - return webDavClient.webDavDownloadFile(excerptResponse.getFileUrl()); + if (!excerptResponse.getSuccess()) { + LOGGER.error(excerptResponse.getMessage()); + return ResponseEntity.internalServerError().build(); + } + else if (excerptResponse.getData() == null || excerptResponse.getData().getFileUrl() == null + || excerptResponse.getData().getFileUrl().isEmpty()) { + return ResponseEntity.noContent().build(); + } + return webDavClient.webDavDownloadFile(excerptResponse.getData().getFileUrl()); } catch (Exception e) { throw new RuntimeException(e); diff --git a/backend/src/main/java/ru/micord/ervu/kafka/model/ExcerptData.java b/backend/src/main/java/ru/micord/ervu/kafka/model/ExcerptData.java new file mode 100644 index 00000000..abaf20f2 --- /dev/null +++ b/backend/src/main/java/ru/micord/ervu/kafka/model/ExcerptData.java 
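Review bot: In the last ErvuKafkaController hunk, `excerptResponse.getData().getFileUrl()` is checked only for null or empty before it is handed to `webDavClient.webDavDownloadFile(...)`, so the server will fetch whatever location the Kafka reply names. Unless WebDavClient already restricts the target (not visible here), the scheme and host should be compared with the configured WebDAV endpoint before the download. Reading the value once also shortens the condition: `String fileUrl = excerptResponse.getData() == null ? null : excerptResponse.getData().getFileUrl();`. The enclosing method starts and ends outside the hunk.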
@@ -0,0 +1,31 @@ +package ru.micord.ervu.kafka.model; + +import java.io.Serializable; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +/** + * @author Eduard Tihomirov + */ +@JsonIgnoreProperties(ignoreUnknown = true) +public class ExcerptData implements Serializable { + private static final long serialVersionUID = 1L; + private String orgId; + private String fileUrl; + + public String getOrgId() { + return orgId; + } + + public void setOrgId(String orgId) { + this.orgId = orgId; + } + + public String getFileUrl() { + return fileUrl; + } + + public void setFileUrl(String fileUrl) { + this.fileUrl = fileUrl; + } +} diff --git a/backend/src/main/java/ru/micord/ervu/kafka/model/ExcerptResponse.java b/backend/src/main/java/ru/micord/ervu/kafka/model/ExcerptResponse.java index b0d79c7e..d988d76d 100644 --- a/backend/src/main/java/ru/micord/ervu/kafka/model/ExcerptResponse.java +++ b/backend/src/main/java/ru/micord/ervu/kafka/model/ExcerptResponse.java @@ -9,24 +9,31 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; @JsonIgnoreProperties(ignoreUnknown = true) public class ExcerptResponse implements Serializable { private static final long serialVersionUID = 1L; + private boolean success; + private String message; + private ExcerptData data; - private String orgId; - - private String fileUrl; - - public String getOrgId() { - return orgId; + public boolean getSuccess() { + return success; } - public void setOrgId(String orgId) { - this.orgId = orgId; + public void setSuccess(boolean success) { + this.success = success; } - public String getFileUrl() { - return fileUrl; + public String getMessage() { + return message; } - public void setFileUrl(String fileUrl) { - this.fileUrl = fileUrl; + public void setMessage(String message) { + this.message = message; + } + + public ExcerptData getData() { + return data; + } + + public void setData(ExcerptData data) { + this.data = data; } } 
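Review bot: In ExcerptResponse, `success` is a primitive `boolean`, so a reply without that field deserializes as `false`. A producer still sending the old shape (top-level `fileUrl`, no `success`) is therefore treated as a failure by the controller. That fails closed, which is reasonable, but it should be stated in the class Javadoc along with the expected reply shape (`success`, `message`, `data.fileUrl`). The accessor would conventionally be `public boolean isSuccess()`, which Jackson maps to the same property.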
From 667d554d8346849cc86da8ef35c2c7467d3a4b6a Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Fri, 8 Nov 2024 11:15:17 +0300 Subject: [PATCH 03/11] SUPPORT-8660: Fix --- .../ru/micord/ervu/kafka/controller/ErvuKafkaController.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/kafka/controller/ErvuKafkaController.java b/backend/src/main/java/ru/micord/ervu/kafka/controller/ErvuKafkaController.java index 43dfbf98..a0590d0e 100644 --- a/backend/src/main/java/ru/micord/ervu/kafka/controller/ErvuKafkaController.java +++ b/backend/src/main/java/ru/micord/ervu/kafka/controller/ErvuKafkaController.java @@ -61,8 +61,7 @@ public class ErvuKafkaController { ); ExcerptResponse excerptResponse = objectMapper.readValue(kafkaResponse, ExcerptResponse.class); if (!excerptResponse.getSuccess()) { - LOGGER.error(excerptResponse.getMessage()); - return ResponseEntity.internalServerError().build(); + throw new RuntimeException("Error with getting excerpt url " + excerptResponse.getMessage()); } else if (excerptResponse.getData() == null || excerptResponse.getData().getFileUrl() == null || excerptResponse.getData().getFileUrl().isEmpty()) { From 99166929f900370be337bb91edf5e47bcd3e09e8 Mon Sep 17 00:00:00 2001 From: "m.epshtein" Date: Thu, 14 Nov 2024 17:44:25 +0300 Subject: [PATCH 04/11] title --- frontend/src/resources/css/components-lkrp.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/resources/css/components-lkrp.css b/frontend/src/resources/css/components-lkrp.css index 562e1c96..01e72536 100644 --- a/frontend/src/resources/css/components-lkrp.css +++ b/frontend/src/resources/css/components-lkrp.css @@ -51,7 +51,7 @@ .webbpm.ervu_lkrp_ul .title { font-size: var(--size-text-title); - font-family: 'InterSB'; + font-family: 'InterB'; padding-top: 0; padding-bottom: var(--indent-medium); } From 820ac4d26ca386f0a5d708f462d93cbab4e4b3a1 Mon Sep 17 00:00:00 2001 
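Review bot: In the ErvuKafkaController hunk of patch 03, the upstream `message` is concatenated into the exception text, and the throw sits inside the `try` whose `catch (Exception e)` (visible in patch 02) wraps it in a second RuntimeException. Whether that text reaches the HTTP client depends on an exception handler not shown here, so it is safer to keep the upstream detail in the server log and throw a fixed message: `LOGGER.error("Excerpt request failed: {}", excerptResponse.getMessage());` then `throw new IllegalStateException("Excerpt request failed");`. This would also give the `LOGGER` field added in patch 02 a use again; after this change it appears to be unused.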
From: "m.epshtein" Date: Thu, 14 Nov 2024 17:44:31 +0300 Subject: [PATCH 05/11] Merge branch 'feature/SUPPORT-8704' of 10.10.31.70:/ervu-lkrp-ul into feature/SUPPORT-8704 --- .../business-model/Информация об организации.page | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/resources/src/main/resources/business-model/Информация об организации.page b/resources/src/main/resources/business-model/Информация об организации.page index 194fc5dc..2f0dc327 100644 --- a/resources/src/main/resources/business-model/Информация об организации.page +++ b/resources/src/main/resources/business-model/Информация об организации.page @@ -432,16 +432,7 @@ HB true false - - - - visible - - false - - - - + From 99e00e4e2f630592b28af11f91952a1d306b55f3 Mon Sep 17 00:00:00 2001 From: "m.epshtein" Date: Thu, 14 Nov 2024 18:05:25 +0300 Subject: [PATCH 06/11] fix --- frontend/src/resources/css/components-lkrp.css | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/frontend/src/resources/css/components-lkrp.css b/frontend/src/resources/css/components-lkrp.css index 01e72536..efca90b4 100644 --- a/frontend/src/resources/css/components-lkrp.css +++ b/frontend/src/resources/css/components-lkrp.css @@ -279,6 +279,10 @@ white-space: nowrap; } +.webbpm.ervu_lkrp_ul .data-group .description { + color: var(--color-text-secondary); +} + .webbpm.ervu_lkrp_ul .pin + .pin { margin-top: 12px; } @@ -923,3 +927,13 @@ .webbpm.ervu_lkrp_ul .dialog-link { cursor: pointer; } + +.webbpm.ervu_lkrp_ul #mydata .data-group:first-child .subtitle { + margin-bottom: 0; +} +.webbpm.ervu_lkrp_ul #mydata .right-block field-set:first-child .fieldset { + padding-top: 24px; +} +.webbpm.ervu_lkrp_ul #mydata .right-block field-set:first-child .fieldset::before { + display: none; +} \ No newline at end of file From 89453f9124b52632c09c5c1089d588d5e2c35e72 Mon Sep 17 00:00:00 2001 
From: "r.gaztdinov" Date: Mon, 18 Nov 2024 15:06:19 +0300 Subject: [PATCH 07/11] +subtitle, description --- .../business-model/Информация об организации.page | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/resources/src/main/resources/business-model/Информация об организации.page b/resources/src/main/resources/business-model/Информация об организации.page index 2f0dc327..76228a3e 100644 --- a/resources/src/main/resources/business-model/Информация об организации.page +++ b/resources/src/main/resources/business-model/Информация об организации.page @@ -288,7 +288,7 @@ - "font-bold" + "subtitle" @@ -338,7 +338,7 @@ - "font-bold" + "description" @@ -601,7 +601,7 @@ - "font-bold" + "subtitle" @@ -1152,7 +1152,7 @@ - "font-bold" + "subtitle" From d26799c63039d86128c7055029ba352520b77092 Mon Sep 17 00:00:00 2001 From: Eduard Tihomirov Date: Tue, 19 Nov 2024 11:24:44 +0300 Subject: [PATCH 08/11] fix EsiaError --- frontend/src/ts/modules/security/EsiaErrorDetail.ts | 4 ++-- frontend/src/ts/modules/security/guard/auth.guard.ts | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/frontend/src/ts/modules/security/EsiaErrorDetail.ts b/frontend/src/ts/modules/security/EsiaErrorDetail.ts index 9447f3fc..4c774fe4 100644 --- a/frontend/src/ts/modules/security/EsiaErrorDetail.ts +++ b/frontend/src/ts/modules/security/EsiaErrorDetail.ts @@ -1,4 +1,4 @@ -class EsiaErrorDetail { +export class EsiaErrorDetail { private static errors: { [code: string]: string } = { 'ESIA-007071': 'Запрос персональных данных по физическим лицам может быть выполнен только с указанием согласий', 'ESIA-007055': 'Вход в систему осуществляется с неподтвержденной учетной записью', 
@@ -6,7 +6,7 @@ class EsiaErrorDetail { 'ESIA-007008': 'Сервис авторизации в настоящее время не может выполнить запрос из-за большой нагрузки или технических работ на сервере', }; - static getDescription(code: string): string { + public static getDescription(code: string): string { return this.errors[code] || 'Доступ запрещен. Обратитесь к системному администратору. Ошибка ' + code; } } \ No newline at end of file diff --git a/frontend/src/ts/modules/security/guard/auth.guard.ts b/frontend/src/ts/modules/security/guard/auth.guard.ts index c65b84ab..26105934 100644 --- a/frontend/src/ts/modules/security/guard/auth.guard.ts +++ b/frontend/src/ts/modules/security/guard/auth.guard.ts @@ -4,6 +4,7 @@ import {Observable} from "rxjs"; import {HttpClient, HttpParams} from "@angular/common/http"; import {MessagesService} from "@webbpm/base-package"; import {AuthenticationService} from "../authentication.service"; +import {EsiaErrorDetail} from "../EsiaErrorDetail"; @Injectable({providedIn:'root'}) export abstract class AuthGuard implements CanActivate { From 7f1793262d73c9dddf6077312220edbba93eabfd Mon Sep 17 00:00:00 2001 From: kochetkov Date: Wed, 20 Nov 2024 10:29:24 +0300 Subject: [PATCH 09/11] SUPPORT-8609 fix --- .../micord/ervu/security/SecurityConfig.java | 35 +++++---- .../esia/service/EsiaAuthService.java | 23 +++--- .../security/listener/JwtUpdateListener.java | 72 +++++++++++++++++++ 3 files changed, 105 insertions(+), 25 deletions(-) create mode 100644 backend/src/main/java/ru/micord/ervu/security/listener/JwtUpdateListener.java diff --git a/backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java b/backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java index 0c5a10bf..5f088eaa 100644 --- a/backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java +++ b/backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java 
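Review bot: In `getDescription` of EsiaErrorDetail.ts, `this.errors[code]` is a lookup on a plain object, so a `code` such as `constructor` or `toString` resolves to an inherited Object.prototype member and is returned in place of the fallback text. Now that the class is exported for auth.guard.ts, the code presumably arrives from outside the application, so an own-property check is worth adding: `const known = Object.prototype.hasOwnProperty.call(this.errors, code) ? this.errors[code] : undefined;` and `return known || 'Доступ запрещен. Обратитесь к системному администратору. Ошибка ' + code;`. The fallback also echoes the raw `code`. If the message is ever rendered as HTML, restrict the value first, for example to `/^ESIA-\d{6}$/`.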
@@ -13,6 +13,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.csrf.CsrfTokenRequestHandler;
 import org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler;
@@ -49,31 +50,22 @@ public class SecurityConfig { } @Bean - public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - httpConfigure(http); - http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); - http.addFilterBefore(new RequestContextFilter(), LogoutFilter.class); - http.addFilterAfter(filterChainExceptionHandler, RequestContextFilter.class); - return http.build(); - } - - protected void httpConfigure(HttpSecurity httpSecurity) throws Exception { - CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse(); - tokenRepository.setCookieName(TokenConstants.CSRF_TOKEN_NAME); - tokenRepository.setHeaderName(TokenConstants.CSRF_HEADER_NAME); - tokenRepository.setCookiePath("/"); + public SecurityFilterChain filterChain(HttpSecurity http, + CookieCsrfTokenRepository tokenRepository) + throws Exception { XorCsrfTokenRequestAttributeHandler delegate = new XorCsrfTokenRequestAttributeHandler(); delegate.setCsrfRequestAttributeName(null); // Use only the handle() method of XorCsrfTokenRequestAttributeHandler and the // default implementation of resolveCsrfTokenValue() from CsrfTokenRequestHandler CsrfTokenRequestHandler requestHandler = delegate::handle; - httpSecurity.authorizeHttpRequests( + http.authorizeHttpRequests( (authorizeHttpRequests) -> authorizeHttpRequests.requestMatchers(PERMIT_ALL) .permitAll() .anyRequest() .authenticated()) .csrf((csrf) -> csrf.csrfTokenRepository(tokenRepository) - .csrfTokenRequestHandler(requestHandler)) + .csrfTokenRequestHandler(requestHandler) + .sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy())) .logout((logout) -> logout.logoutUrl(ESIA_LOGOUT) .logoutSuccessHandler(new LogoutSuccessHandler(tokenRepository, esiaAuthService))) .exceptionHandling() 
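Review bot: In `filterChain` of SecurityConfig, `.sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy())` on the CSRF configurer replaces the strategy that renews the CSRF token on authentication, and nothing at that line says what takes over. From the rest of this patch, the renewal appears to move into JwtUpdateListener, and only for `/esia/auth`. A later maintainer adding another login or token-refresh path would get no rotation there without noticing. I would add a comment at the call such as `// Default CSRF renewal is disabled; JwtUpdateListener replaces the token after a successful /esia/auth login.`.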
@@ -81,6 +73,19 @@ public class SecurityConfig { .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS); + http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); + http.addFilterBefore(new RequestContextFilter(), LogoutFilter.class); + http.addFilterAfter(filterChainExceptionHandler, RequestContextFilter.class); + return http.build(); + } + + @Bean + public CookieCsrfTokenRepository cookieCsrfTokenRepository() { + CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse(); + tokenRepository.setCookieName(TokenConstants.CSRF_TOKEN_NAME); + tokenRepository.setHeaderName(TokenConstants.CSRF_HEADER_NAME); + tokenRepository.setCookiePath("/"); + return tokenRepository; } public AuthenticationEntryPoint entryPoint() { diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index 55b24209..9d7a6d27 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse; import com.fasterxml.jackson.databind.ObjectMapper; import ervu.service.okopf.OkopfService; +import org.springframework.security.authentication.AuthenticationManager; import ru.micord.ervu.security.esia.token.TokensStore; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -50,7 +51,6 @@ import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication; import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper; import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService; import ru.micord.ervu.security.webbpm.jwt.model.Token; -import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil; /** * @author Eduard Tihomirov 
@@ -72,6 +72,8 @@ public class EsiaAuthService { private OkopfService okopfService; @Autowired private SecurityHelper securityHelper; + @Autowired + private AuthenticationManager authenticationManager; @Value("${ervu.kafka.org.reply.topic}") private String requestReplyTopic; @@ -211,16 +213,16 @@ public class EsiaAuthService { if (tokenResponse.getError() != null) { throw new RuntimeException(tokenResponse.getError_description()); } - String accessToken = tokenResponse.getAccess_token(); + String esiaAccessTokenStr = tokenResponse.getAccess_token(); + String esiaRefreshTokenStr = tokenResponse.getRefresh_token(); - boolean hasRole = ulDataService.checkRole(accessToken); - EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken); + boolean hasRole = ulDataService.checkRole(esiaAccessTokenStr); + EsiaAccessToken esiaAccessToken = ulDataService.readToken(esiaAccessTokenStr); String prnOid = esiaAccessToken.getSbj_id(); - String refreshToken = tokenResponse.getRefresh_token(); - String ervuId = getErvuId(accessToken, prnOid); + String ervuId = getErvuId(esiaAccessTokenStr, prnOid); Long expiresIn = tokenResponse.getExpires_in(); - TokensStore.addAccessToken(prnOid, accessToken, expiresIn); - TokensStore.addRefreshToken(prnOid, refreshToken, expiresIn); + TokensStore.addAccessToken(prnOid, esiaAccessTokenStr, expiresIn); + TokensStore.addRefreshToken(prnOid, esiaRefreshTokenStr, expiresIn); Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), expiresIn, ervuId, hasRole); int expiry = tokenResponse.getExpires_in().intValue(); Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiry); 
@@ -228,9 +230,10 @@ public class EsiaAuthService { UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null); SecurityContext context = SecurityContextHolder.createEmptyContext(); - JwtAuthentication authentication = new JwtAuthentication(usernamePasswordAuthenticationToken, + JwtAuthentication jwtAuthentication = new JwtAuthentication(usernamePasswordAuthenticationToken, esiaAccessToken.getSbj_id(), token.getValue()); - context.setAuthentication(authentication); + authenticationManager.authenticate(jwtAuthentication); + context.setAuthentication(jwtAuthentication); SecurityContextHolder.setContext(context); Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiry); response.addCookie(authMarkerCookie); diff --git a/backend/src/main/java/ru/micord/ervu/security/listener/JwtUpdateListener.java b/backend/src/main/java/ru/micord/ervu/security/listener/JwtUpdateListener.java new file mode 100644 index 00000000..0709b6ac --- /dev/null +++ b/backend/src/main/java/ru/micord/ervu/security/listener/JwtUpdateListener.java 
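Review bot: In the last EsiaAuthService hunk, the result of `authenticationManager.authenticate(jwtAuthentication)` is discarded, and the object stored in the SecurityContext is the token built before the call, not the one the manager returned. If the call exists only to publish the success event for JwtUpdateListener, say so in a comment. Otherwise, store the returned object: `Authentication authenticated = authenticationManager.authenticate(jwtAuthentication);` and `context.setAuthentication(authenticated);`. The access cookie is created just above this hunk. If it is already on the response when `authenticate` throws (those lines are not visible), the client keeps a cookie for a login that failed. The enclosing method starts and ends outside the hunk.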
@@ -0,0 +1,72 @@ +package ru.micord.ervu.security.listener; + +import java.lang.invoke.MethodHandles; +import java.util.Arrays; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationListener; +import org.springframework.security.authentication.event.AuthenticationSuccessEvent; +import org.springframework.security.web.csrf.CsrfTokenRepository; +import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler; +import org.springframework.security.web.csrf.CsrfTokenRequestHandler; +import org.springframework.security.web.csrf.DeferredCsrfToken; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.stereotype.Component; +import org.springframework.util.Assert; +import org.springframework.web.context.request.RequestAttributes; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import static org.springframework.web.context.request.RequestAttributes.REFERENCE_REQUEST; + + +@Component +public class JwtUpdateListener implements ApplicationListener { + private final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); + + private final CsrfTokenRepository tokenRepository; + private final Set csrfUpdateRequiredPathMatchers; + + private CsrfTokenRequestHandler requestHandler = new CsrfTokenRequestAttributeHandler(); + + @Autowired + public JwtUpdateListener(CsrfTokenRepository tokenRepository) { + Assert.notNull(tokenRepository, "tokenRepository cannot be null"); + this.tokenRepository = tokenRepository; + this.csrfUpdateRequiredPathMatchers = Arrays.stream(new String[] {"/esia/auth"}) + 
.map(AntPathRequestMatcher::new) + .collect(Collectors.toSet()); + } + + @Override + public void onApplicationEvent(AuthenticationSuccessEvent event) { + RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes(); + HttpServletRequest request = (HttpServletRequest) Objects.requireNonNull(requestAttributes) + .resolveReference( + REFERENCE_REQUEST); + HttpServletResponse response = ((ServletRequestAttributes) requestAttributes).getResponse(); + + //if csrf cookie update is not required return + if (this.csrfUpdateRequiredPathMatchers.stream() + .noneMatch(matcher -> matcher.matches(request))) { + return; + } + boolean containsToken = this.tokenRepository.loadToken(request) != null; + + if (containsToken) { + this.tokenRepository.saveToken(null, request, response); + DeferredCsrfToken deferredCsrfToken = this.tokenRepository.loadDeferredToken(request, + response + ); + this.requestHandler.handle(request, response, deferredCsrfToken::get); + this.logger.debug("Replaced CSRF Token"); + } + } +} From f7f41fe8eed7a60e97b594de94de9206d3ba956b Mon Sep 17 00:00:00 2001 From: Zaripov Emil Date: Wed, 20 Nov 2024 11:12:34 +0300 Subject: [PATCH 10/11] set version 1.9.1-SNAPSHOT --- backend/pom.xml | 2 +- distribution/pom.xml | 2 +- frontend/pom.xml | 2 +- pom.xml | 2 +- resources/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/backend/pom.xml b/backend/pom.xml index c89fc2c9..cc18978d 100644 --- a/backend/pom.xml +++ b/backend/pom.xml @@ -5,7 +5,7 @@ ru.micord.ervu.lkrp ul - 1.9.2-SNAPSHOT + 1.9.1-SNAPSHOT ru.micord.ervu.lkrp.ul backend diff --git a/distribution/pom.xml b/distribution/pom.xml index 8117ae4a..d40eea86 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.2-SNAPSHOT + 1.9.1-SNAPSHOT ru.micord.ervu.lkrp.ul diff --git a/frontend/pom.xml b/frontend/pom.xml index 5e343729..23a212cf 100644 --- a/frontend/pom.xml +++ b/frontend/pom.xml 
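Review bot: `onApplicationEvent` in JwtUpdateListener assumes a servlet request is always bound to the thread: `Objects.requireNonNull(requestAttributes)` throws, the cast to `ServletRequestAttributes` is unchecked, and `getResponse()` may return null before it is passed to `saveToken`. The listener receives every AuthenticationSuccessEvent, so one published outside a request thread would surface as a NullPointerException or ClassCastException inside the authentication call. Returning early when no servlet request or response is available keeps the listener harmless in that case. The class replaces the CSRF token rather than a JWT, so a Javadoc sentence saying this, and why only `/esia/auth` is matched, would help the next reader.

```java
  @Override
  public void onApplicationEvent(AuthenticationSuccessEvent event) {
    RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
    if (!(requestAttributes instanceof ServletRequestAttributes)) {
      // Event published outside a servlet request: there is no CSRF cookie to replace.
      return;
    }
    ServletRequestAttributes servletAttributes = (ServletRequestAttributes) requestAttributes;
    HttpServletRequest request = servletAttributes.getRequest();
    HttpServletResponse response = servletAttributes.getResponse();
    if (response == null) {
      return;
    }
    // … unchanged: path matching and CSRF token replacement …
```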
@@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.2-SNAPSHOT + 1.9.1-SNAPSHOT ru.micord.ervu.lkrp.ul diff --git a/pom.xml b/pom.xml index 0d97a95f..5ea178e3 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 ru.micord.ervu.lkrp ul - 1.9.2-SNAPSHOT + 1.9.1-SNAPSHOT pom backend diff --git a/resources/pom.xml b/resources/pom.xml index e2bf5fa1..278998a4 100644 --- a/resources/pom.xml +++ b/resources/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.2-SNAPSHOT + 1.9.1-SNAPSHOT ru.micord.ervu.lkrp.ul From 82992acb5041cdc522306858e8d785b7f9de2133 Mon Sep 17 00:00:00 2001 From: Zaripov Emil Date: Wed, 20 Nov 2024 11:14:23 +0300 Subject: [PATCH 11/11] set version 1.9.1 --- backend/pom.xml | 2 +- distribution/pom.xml | 2 +- frontend/pom.xml | 2 +- pom.xml | 2 +- resources/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/backend/pom.xml b/backend/pom.xml index cc18978d..05df6ea0 100644 --- a/backend/pom.xml +++ b/backend/pom.xml @@ -5,7 +5,7 @@ ru.micord.ervu.lkrp ul - 1.9.1-SNAPSHOT + 1.9.1 ru.micord.ervu.lkrp.ul backend diff --git a/distribution/pom.xml b/distribution/pom.xml index d40eea86..64a5bcc2 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.1-SNAPSHOT + 1.9.1 ru.micord.ervu.lkrp.ul diff --git a/frontend/pom.xml b/frontend/pom.xml index 23a212cf..6d7635e7 100644 --- a/frontend/pom.xml +++ b/frontend/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.1-SNAPSHOT + 1.9.1 ru.micord.ervu.lkrp.ul diff --git a/pom.xml b/pom.xml index 5ea178e3..57e93ce9 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 ru.micord.ervu.lkrp ul - 1.9.1-SNAPSHOT + 1.9.1 pom backend diff --git a/resources/pom.xml b/resources/pom.xml index 278998a4..5f78ecf5 100644 --- a/resources/pom.xml +++ b/resources/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.1-SNAPSHOT + 1.9.1 ru.micord.ervu.lkrp.ul