Posted to commits@syncope.apache.org by il...@apache.org on 2019/11/26 10:46:39 UTC
[syncope] branch master updated: [SYNCOPE-1518] Conditionally
enabling Wicket's XForwardedRequestWrapperFactory
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 88c7f73 [SYNCOPE-1518] Conditionally enabling Wicket's XForwardedRequestWrapperFactory
88c7f73 is described below
commit 88c7f73e154a2de4bd6653c715528135e4a13274
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Tue Nov 26 11:29:21 2019 +0100
[SYNCOPE-1518] Conditionally enabling Wicket's XForwardedRequestWrapperFactory
---
.../org/apache/syncope/client/console/SyncopeWebApplication.java | 5 +++++
client/idrepo/console/src/main/resources/console.properties | 1 +
.../org/apache/syncope/client/enduser/SyncopeWebApplication.java | 5 +++++
client/idrepo/enduser/src/main/resources/enduser.properties | 1 +
fit/console-reference/src/main/resources/console.properties | 1 +
fit/core-reference/src/test/resources/console.properties | 1 +
fit/core-reference/src/test/resources/enduser.properties | 1 +
fit/enduser-reference/src/main/resources/enduser.properties | 1 +
8 files changed, 16 insertions(+)
diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
index 41f69d9..0b1cdb7 100644
--- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
+++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
@@ -49,6 +49,7 @@ import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.protocol.http.WebApplication;
+import org.apache.wicket.protocol.http.servlet.XForwardedRequestWrapperFactory;
import org.apache.wicket.protocol.ws.WebSocketAwareCsrfPreventionRequestCycleListener;
import org.apache.wicket.protocol.ws.api.WebSocketResponse;
import org.apache.wicket.request.cycle.RequestCycle;
@@ -248,6 +249,10 @@ public class SyncopeWebApplication extends WicketBootSecuredWebApplication {
}
});
+ if (BooleanUtils.toBoolean(props.getProperty("x-forward"))) {
+ getFilterFactoryManager().add(new XForwardedRequestWrapperFactory());
+ }
+
if (BooleanUtils.toBoolean(props.getProperty("csrf"))) {
getRequestCycleListeners().add(new WebSocketAwareCsrfPreventionRequestCycleListener());
}
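Review bot: The `XForwardedRequestWrapperFactory` registered in the new `x-forward` branch is constructed with no configuration visible in this hunk, so which peers count as trusted proxies and which headers are read is left to Wicket's defaults. Once it is active, the remote address and scheme the application sees can come from `X-Forwarded-*` headers, which matters for anything downstream that logs or decides on client IP or HTTPS status. If the application can be reached without passing through a proxy that overwrites those headers, their values are client-controlled. I would add a comment above the check, e.g. `// enable only when every request arrives through a trusted reverse proxy that sets X-Forwarded-* itself`, and consider exposing the proxy allow-list as properties instead of relying on library defaults. The same applies to the identical hunk in the enduser `SyncopeWebApplication`; the enclosing method starts and ends outside both hunks.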
diff --git a/client/idrepo/console/src/main/resources/console.properties b/client/idrepo/console/src/main/resources/console.properties
index c68e3ba..06c08b9 100644
--- a/client/idrepo/console/src/main/resources/console.properties
+++ b/client/idrepo/console/src/main/resources/console.properties
@@ -43,6 +43,7 @@ topology.corePoolSize=10
topology.maxPoolSize=20
topology.queueCapacity=50
+x-forward=true
csrf=true
security.headers.X-XSS-Protection=1; mode=block
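Review bot: `x-forward=true` is added as the shipped default with no comment stating the deployment assumption, so a console deployed without a fronting reverse proxy may start out honouring forwarded headers supplied by the client (subject to Wicket's default proxy matching, which is not visible here). Making the opt-in explicit with `x-forward=false`, or at least preceding the key with `# set to true only behind a trusted reverse proxy that overwrites X-Forwarded-* headers`, would document the trust decision where operators will see it. The Java side reads the key through `BooleanUtils.toBoolean`, so an absent or false value leaves the wrapper disabled. The same default is added in the enduser.properties hunk and in the fit/*-reference properties hunks that follow.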
diff --git a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
index 63b6654..1794cb5 100644
--- a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
+++ b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
@@ -66,6 +66,7 @@ import org.apache.wicket.markup.html.IHeaderContributor;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener;
import org.apache.wicket.protocol.http.WebApplication;
+import org.apache.wicket.protocol.http.servlet.XForwardedRequestWrapperFactory;
import org.apache.wicket.request.Request;
import org.apache.wicket.request.Response;
import org.apache.wicket.request.component.IRequestablePage;
@@ -299,6 +300,10 @@ public class SyncopeWebApplication extends WicketBootStandardWebApplication {
});
+ if (BooleanUtils.toBoolean(props.getProperty("x-forward"))) {
+ getFilterFactoryManager().add(new XForwardedRequestWrapperFactory());
+ }
+
if (BooleanUtils.toBoolean(props.getProperty("csrf"))) {
getRequestCycleListeners().add(new CsrfPreventionRequestCycleListener());
}
diff --git a/client/idrepo/enduser/src/main/resources/enduser.properties b/client/idrepo/enduser/src/main/resources/enduser.properties
index 27e3053..1d62418 100644
--- a/client/idrepo/enduser/src/main/resources/enduser.properties
+++ b/client/idrepo/enduser/src/main/resources/enduser.properties
@@ -22,6 +22,7 @@ adminUser=${adminUser}
useGZIPCompression=true
maxUploadFileSizeMB=5
+x-forward=true
captcha=true
csrf=true
diff --git a/fit/console-reference/src/main/resources/console.properties b/fit/console-reference/src/main/resources/console.properties
index 0b51e78..c8ece6f 100644
--- a/fit/console-reference/src/main/resources/console.properties
+++ b/fit/console-reference/src/main/resources/console.properties
@@ -43,6 +43,7 @@ topology.corePoolSize=50
topology.maxPoolSize=100
topology.queueCapacity=10
+x-forward=true
csrf=true
security.headers.X-XSS-Protection=1; mode=block
diff --git a/fit/core-reference/src/test/resources/console.properties b/fit/core-reference/src/test/resources/console.properties
index 0c6250c..2162ddb 100644
--- a/fit/core-reference/src/test/resources/console.properties
+++ b/fit/core-reference/src/test/resources/console.properties
@@ -43,6 +43,7 @@ executor.corePoolSize=50
executor.maxPoolSize=100
executor.queueCapacity=10
+x-forward=true
csrf=false
security.headers.X-XSS-Protection=1; mode=block
diff --git a/fit/core-reference/src/test/resources/enduser.properties b/fit/core-reference/src/test/resources/enduser.properties
index fc07dfa..6c48a20 100644
--- a/fit/core-reference/src/test/resources/enduser.properties
+++ b/fit/core-reference/src/test/resources/enduser.properties
@@ -21,6 +21,7 @@ anonymousKey=${anonymousKey}
adminUser=${adminUser}
useGZIPCompression=true
+x-forward=true
captcha=false
csrf=false
diff --git a/fit/enduser-reference/src/main/resources/enduser.properties b/fit/enduser-reference/src/main/resources/enduser.properties
index 27e3053..1d62418 100644
--- a/fit/enduser-reference/src/main/resources/enduser.properties
+++ b/fit/enduser-reference/src/main/resources/enduser.properties
@@ -22,6 +22,7 @@ adminUser=${adminUser}
useGZIPCompression=true
maxUploadFileSizeMB=5
+x-forward=true
captcha=true
csrf=true