19 package org.apache.syncope.sra.security;
20
21 import java.util.Set;
22 import java.util.concurrent.ConcurrentHashMap;
23 import org.apache.syncope.common.lib.to.SRARouteTO;
24 import org.springframework.cloud.gateway.route.Route;
25 import org.springframework.http.HttpMethod;
26 import org.springframework.http.HttpRequest;
27 import org.springframework.web.server.ServerWebExchange;
28 import reactor.core.publisher.Mono;
29
/**
 * Route matcher deciding which requests have to pass the SRA's CSRF check.
 * <p>
 * A request is excluded from the check up front when its HTTP method is one of
 * {@link #ALLOWED_METHODS}; every other method falls through to the superclass'
 * route-based decision, which is driven by {@link #routeBehavior(Route)}.
 */
public class CsrfRouteMatcher extends AbstractRouteMatcher {

    /** Key under which this matcher registers its own slot in the shared {@code CACHE}. */
    private static final String CACHE_NAME = CsrfRouteMatcher.class.getName();

    /**
     * Methods exempt from the CSRF check. The set is deliberately closed: anything not listed
     * here (POST, PUT, PATCH, DELETE, ...) is subject to the route-level decision.
     */
    private static final Set<HttpMethod> ALLOWED_METHODS = Set.of(
            HttpMethod.GET, HttpMethod.HEAD, HttpMethod.TRACE, HttpMethod.OPTIONS);

    static {
        // Thread-safe map, since matchers are consulted concurrently by the gateway.
        CACHE.put(CACHE_NAME, new ConcurrentHashMap<>());
    }

    private final PublicRouteMatcher publicRouteMatcher;

    /**
     * @param publicRouteMatcher matcher recognizing public routes, which are never CSRF-protected
     */
    public CsrfRouteMatcher(final PublicRouteMatcher publicRouteMatcher) {
        this.publicRouteMatcher = publicRouteMatcher;
    }

    @Override
    protected String getCacheName() {
        return CACHE_NAME;
    }

    /**
     * Tells whether CSRF protection applies to the given route.
     * <p>
     * The route is protected when its {@link SRARouteTO} has the CSRF flag enabled and the route
     * is not public. A route for which no {@link SRARouteTO} with a matching key exists is
     * treated as protected, so an unknown route fails closed.
     *
     * @param route route under evaluation
     * @return {@code true} if requests to this route require a CSRF token
     */
    @Override
    protected boolean routeBehavior(final Route route) {
        boolean csrfEnabled = routeProvider.getRouteTOs().stream().
                filter(routeTO -> route.getId().equals(routeTO.getKey())).
                findFirst().
                map(SRARouteTO::isCsrf).
                orElse(true);
        // Public routes win over the per-route flag: they are never CSRF-protected.
        return csrfEnabled && !publicRouteMatcher.routeBehavior(route);
    }

    /**
     * Short-circuits to {@link MatchResult#notMatch()} for exempt methods; any other method is
     * handed to the superclass, which applies {@link #routeBehavior(Route)} to the matched route.
     *
     * @param exchange current exchange
     * @return {@code notMatch()} for methods in {@link #ALLOWED_METHODS}, the superclass result otherwise
     */
    @Override
    public Mono<MatchResult> matches(final ServerWebExchange exchange) {
        HttpRequest request = exchange.getRequest();
        Mono<MatchResult> exemptBySafeMethod = Mono.just(request).
                map(HttpRequest::getMethod).
                filter(ALLOWED_METHODS::contains).
                flatMap(ignored -> MatchResult.notMatch());
        // Empty when the method is not exempt: fall through to the route-based decision.
        return exemptBySafeMethod.switchIfEmpty(super.matches(exchange));
    }
}