Allow for easier subclassing for Console and Enduser
diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
index 3aa49b6..1ae3d19 100644
--- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
+++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
@@ -135,6 +135,56 @@
this.policyTabProviders = policyTabProviders;
}
+ protected SyncopeUIRequestCycleListener buildSyncopeUIRequestCycleListener() {
+ return new SyncopeUIRequestCycleListener() {
+
+ @Override
+ protected boolean isSignedIn() {
+ return SyncopeConsoleSession.get().isSignedIn();
+ }
+
+ @Override
+ protected void invalidateSession() {
+ SyncopeConsoleSession.get().invalidate();
+ }
+
+ @Override
+ protected IRequestablePage getErrorPage(final PageParameters errorParameters) {
+ return new Login(errorParameters);
+ }
+ };
+ }
+
+ protected void initSecurity() {
+ if (props.isxForward()) {
+ XForwardedRequestWrapperFactory.Config config = new XForwardedRequestWrapperFactory.Config();
+ config.setProtocolHeader(props.getxForwardProtocolHeader());
+ config.setHttpServerPort(props.getxForwardHttpPort());
+ config.setHttpsServerPort(props.getxForwardHttpsPort());
+
+ XForwardedRequestWrapperFactory factory = new XForwardedRequestWrapperFactory();
+ factory.setConfig(config);
+ getFilterFactoryManager().add(factory);
+ }
+
+ if (props.isCsrf()) {
+ getRequestCycleListeners().add(new WebSocketAwareResourceIsolationRequestCycleListener());
+ }
+
+ getCspSettings().blocking().unsafeInline();
+
+ getRequestCycleListeners().add(new IRequestCycleListener() {
+
+ @Override
+ public void onEndRequest(final RequestCycle cycle) {
+ if (cycle.getResponse() instanceof WebResponse && !(cycle.getResponse() instanceof WebSocketResponse)) {
+ props.getSecurityHeaders().
+ forEach((name, value) -> ((WebResponse) cycle.getResponse()).setHeader(name, value));
+ }
+ }
+ });
+ }
+
@Override
protected void init() {
super.init();
@@ -160,50 +210,9 @@
getMarkupSettings().setStripWicketTags(true);
getMarkupSettings().setCompressWhitespace(true);
- getRequestCycleListeners().add(new SyncopeUIRequestCycleListener() {
+ getRequestCycleListeners().add(buildSyncopeUIRequestCycleListener());
- @Override
- protected boolean isSignedIn() {
- return SyncopeConsoleSession.get().isSignedIn();
- }
-
- @Override
- protected void invalidateSession() {
- SyncopeConsoleSession.get().invalidate();
- }
-
- @Override
- protected IRequestablePage getErrorPage(final PageParameters errorParameters) {
- return new Login(errorParameters);
- }
- });
-
- if (props.isxForward()) {
- XForwardedRequestWrapperFactory.Config config = new XForwardedRequestWrapperFactory.Config();
- config.setProtocolHeader(props.getxForwardProtocolHeader());
- config.setHttpServerPort(props.getxForwardHttpPort());
- config.setHttpsServerPort(props.getxForwardHttpsPort());
-
- XForwardedRequestWrapperFactory factory = new XForwardedRequestWrapperFactory();
- factory.setConfig(config);
- getFilterFactoryManager().add(factory);
- }
-
- if (props.isCsrf()) {
- getRequestCycleListeners().add(new WebSocketAwareResourceIsolationRequestCycleListener());
- }
-
- getRequestCycleListeners().add(new IRequestCycleListener() {
-
- @Override
- public void onEndRequest(final RequestCycle cycle) {
- if (cycle.getResponse() instanceof WebResponse && !(cycle.getResponse() instanceof WebSocketResponse)) {
- props.getSecurityHeaders().
- forEach((name, value) -> ((WebResponse) cycle.getResponse()).setHeader(name, value));
- }
- }
- });
- getCspSettings().blocking().unsafeInline();
+ initSecurity();
mountPage("/login", getSignInPageClass());
diff --git a/client/idrepo/console/src/main/resources/console.properties b/client/idrepo/console/src/main/resources/console.properties
index ca80121..bb85bed 100644
--- a/client/idrepo/console/src/main/resources/console.properties
+++ b/client/idrepo/console/src/main/resources/console.properties
@@ -79,7 +79,6 @@
console.security-headers.Strict-Transport-Security=max-age=31536000; includeSubDomains; preload
console.security-headers.X-Content-Type-Options=nosniff
console.security-headers.X-Frame-Options=sameorigin
-#console.security-headers.Content-Security-Policy=default-src https:
##
# Disable CGLib Proxies
diff --git a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
index 887baf9..824bcc5 100644
--- a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
+++ b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
@@ -98,6 +98,56 @@
this.serviceOps = serviceOps;
}
+ protected SyncopeUIRequestCycleListener buildSyncopeUIRequestCycleListener() {
+ return new SyncopeUIRequestCycleListener() {
+
+ @Override
+ protected boolean isSignedIn() {
+ return SyncopeEnduserSession.get().isAuthenticated();
+ }
+
+ @Override
+ protected void invalidateSession() {
+ SyncopeEnduserSession.get().invalidate();
+ }
+
+ @Override
+ protected IRequestablePage getErrorPage(final PageParameters errorParameters) {
+ return new Login(errorParameters);
+ }
+ };
+ }
+
+ protected void initSecurity() {
+ if (props.isxForward()) {
+ XForwardedRequestWrapperFactory.Config config = new XForwardedRequestWrapperFactory.Config();
+ config.setProtocolHeader(props.getxForwardProtocolHeader());
+ config.setHttpServerPort(props.getxForwardHttpPort());
+ config.setHttpsServerPort(props.getxForwardHttpsPort());
+
+ XForwardedRequestWrapperFactory factory = new XForwardedRequestWrapperFactory();
+ factory.setConfig(config);
+ getFilterFactoryManager().add(factory);
+ }
+
+ if (props.isCsrf()) {
+ getRequestCycleListeners().add(new ResourceIsolationRequestCycleListener());
+ }
+
+ getCspSettings().blocking().unsafeInline();
+
+ getRequestCycleListeners().add(new IRequestCycleListener() {
+
+ @Override
+ public void onEndRequest(final RequestCycle cycle) {
+ if (cycle.getResponse() instanceof WebResponse) {
+ props.getSecurityHeaders().
+ forEach((name, value) -> ((WebResponse) cycle.getResponse()).setHeader(name, value));
+ }
+ }
+ });
+ }
+
@Override
protected void init() {
super.init();
@@ -120,50 +170,9 @@
getMarkupSettings().setStripWicketTags(true);
getMarkupSettings().setCompressWhitespace(true);
- getRequestCycleListeners().add(new SyncopeUIRequestCycleListener() {
+ getRequestCycleListeners().add(buildSyncopeUIRequestCycleListener());
- @Override
- protected boolean isSignedIn() {
- return SyncopeEnduserSession.get().isAuthenticated();
- }
-
- @Override
- protected void invalidateSession() {
- SyncopeEnduserSession.get().invalidate();
- }
-
- @Override
- protected IRequestablePage getErrorPage(final PageParameters errorParameters) {
- return new Login(errorParameters);
- }
- });
-
- if (props.isxForward()) {
- XForwardedRequestWrapperFactory.Config config = new XForwardedRequestWrapperFactory.Config();
- config.setProtocolHeader(props.getxForwardProtocolHeader());
- config.setHttpServerPort(props.getxForwardHttpPort());
- config.setHttpsServerPort(props.getxForwardHttpsPort());
-
- XForwardedRequestWrapperFactory factory = new XForwardedRequestWrapperFactory();
- factory.setConfig(config);
- getFilterFactoryManager().add(factory);
- }
-
- if (props.isCsrf()) {
- getRequestCycleListeners().add(new ResourceIsolationRequestCycleListener());
- }
-
- getRequestCycleListeners().add(new IRequestCycleListener() {
-
- @Override
- public void onEndRequest(final RequestCycle cycle) {
- if (cycle.getResponse() instanceof WebResponse) {
- props.getSecurityHeaders().
- forEach((name, value) -> ((WebResponse) cycle.getResponse()).setHeader(name, value));
- }
- }
- });
- getCspSettings().blocking().unsafeInline();
+ initSecurity();
// Confirm password reset page
mountPage("/confirmpasswordreset", SelfConfirmPasswordReset.class);
diff --git a/client/idrepo/enduser/src/main/resources/enduser.properties b/client/idrepo/enduser/src/main/resources/enduser.properties
index d42a7e9..2c1e1c5 100644
--- a/client/idrepo/enduser/src/main/resources/enduser.properties
+++ b/client/idrepo/enduser/src/main/resources/enduser.properties
@@ -70,7 +70,6 @@
enduser.security.headers.Strict-Transport-Security=max-age=31536000; includeSubDomains; preload
enduser.security.headers.X-Content-Type-Options=nosniff
enduser.security.headers.X-Frame-Options=sameorigin
-#enduser.security.headers.Content-Security-Policy=default-src https:
##
# Disable CGLib Proxies