gh-156 : ul (CONFIGURATION)

Work around method parameter name lost during security SpEL evaluation in tests

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.c4-soft.springaddons</groupId>
 	<artifactId>spring-addons</artifactId>
-	<version>7.1.16-SNAPSHOT</version>
+	<version>7.1.17-SNAPSHOT</version>
 	<packaging>pom</packaging>
 	<name>spring-addons</name>
 	<description>Set of tools I find useful to work with Spring (mostly spring-security for OpenID)</description>

samples/pom.xml

@@ -1,12 +1,10 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>com.c4-soft.springaddons</groupId>
 		<artifactId>spring-addons</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<groupId>com.c4-soft.springaddons.samples</groupId>

samples/tutorials/bff/backend/official/bff-official/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials.bff.official</groupId>
 		<artifactId>bff-official-parent</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>bff-gateway-official</artifactId>

samples/tutorials/bff/backend/official/greeting-api-official/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials.bff.official</groupId>
 		<artifactId>bff-official-parent</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>bff-greeting-api-official</artifactId>

samples/tutorials/bff/backend/official/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials.bff</groupId>
 		<artifactId>bff-backend-parent</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<groupId>com.c4-soft.springaddons.samples.tutorials.bff.official</groupId>

samples/tutorials/bff/backend/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials.bff</groupId>
 		<artifactId>bff-parent</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>bff-backend-parent</artifactId>

samples/tutorials/bff/backend/with-c4-soft/bff-c4/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials.bff.with-c4-soft</groupId>
 		<artifactId>bff-c4-parent</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>bff-gateway-c4</artifactId>

samples/tutorials/bff/backend/with-c4-soft/greeting-api-c4/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials.bff.with-c4-soft</groupId>
 		<artifactId>bff-c4-parent</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>bff-greeting-api-c4</artifactId>

samples/tutorials/bff/backend/with-c4-soft/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials.bff</groupId>
 		<artifactId>bff-backend-parent</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<groupId>com.c4-soft.springaddons.samples.tutorials.bff.with-c4-soft</groupId>

samples/tutorials/bff/flutter/android/app/src/main/AndroidManifest.xml

@@ -52,7 +52,7 @@
                     <data android:pathPrefix="/ui" />
                 </intent-filter>
 
-                <intent-filter >
+                <!--intent-filter >
                     <action android:name="android.intent.action.VIEW" />
     
                     <category android:name="android.intent.category.DEFAULT" />
@@ -92,7 +92,7 @@
                     <data android:scheme="http" />
                     <data android:host="192.168.1.182" android:port="8080" />
                     <data android:pathPrefix="/ui" />
-                </intent-filter>
+                </intent-filter-->
         </activity>
         <!-- Don't delete the meta-data below.
              This is used by the Flutter tool to generate GeneratedPluginRegistrant.java -->

samples/tutorials/bff/flutter/lib/network.service.dart

@@ -0,0 +1,244 @@
+import 'dart:convert';
+import 'dart:io';
+
+import 'package:quiver/collection.dart';
+
+const bffScheme = 'https';
+const bffHost = 'quiz.c4-soft.com';
+const bffPort = 443;
+const bffUri = '$bffScheme://$bffHost:$bffPort';
+final httpClient = NetworkService();
+
+
+class Response {
+  final int status;
+  final dynamic body;
+  final String? error;
+
+  Response(this.status, this.body, this.error);
+}
+
+abstract class HttpClientFacade {
+  Response get(Uri uri, {Multimap<String, String>? headers});
+
+  Response getJson(Uri uri, {Multimap<String, String>? headers});
+
+  Response post(Uri uri, dynamic body, {Multimap<String, String>? headers});
+
+  Response postAsJson(Uri uri, dynamic body, {Multimap<String, String>? headers});
+
+  Response put(Uri uri, dynamic body, {Multimap<String, String>? headers});
+
+  Response putAsJson(Uri uri, dynamic body, {Multimap<String, String>? headers});
+
+  Response delete(Uri uri, {Multimap<String, String>? headers});
+}
+
+class MobileHttpClientFacade extends HttpClientFacade {
+  @override
+  Response delete(Uri uri, {Multimap<String, String>? headers}) {
+    // TODO: implement delete
+    throw UnimplementedError();
+  }
+
+  @override
+  Response get(Uri uri, {Multimap<String, String>? headers}) {
+    // TODO: implement get
+    throw UnimplementedError();
+  }
+
+  @override
+  Response getJson(Uri uri, {Multimap<String, String>? headers}) {
+    // TODO: implement getJson
+    throw UnimplementedError();
+  }
+
+  @override
+  Response post(Uri uri, body, {Multimap<String, String>? headers}) {
+    // TODO: implement post
+    throw UnimplementedError();
+  }
+
+  @override
+  Response postAsJson(Uri uri, body, {Multimap<String, String>? headers}) {
+    // TODO: implement postAsJson
+    throw UnimplementedError();
+  }
+
+  @override
+  Response put(Uri uri, body, {Multimap<String, String>? headers}) {
+    // TODO: implement put
+    throw UnimplementedError();
+  }
+
+  @override
+  Response putAsJson(Uri uri, body, {Multimap<String, String>? headers}) {
+    // TODO: implement putAsJson
+    throw UnimplementedError();
+  }
+
+}
+
+/// <h1>Helper to handle cookies, CSRF and JSON encoding</h1>
+/// <p>
+///   Cookies are sent back only to the server which emitted it (not to all servers from the same domain).
+/// </p>
+/// <p>
+///   CSRF token is read from XSRF-TOKEN cookie and set as X-XSRF-TOKEN header of
+///   POST, PUT and DELET requests to the server which set the cookie.
+/// </p>
+class NetworkService {
+  /// An index of cookies by server ID (combination of host and port)
+  final Map<String, List<Cookie>> _cookies = {};
+  final HttpClient _client = HttpClient();
+  final _encoder = const JsonEncoder();
+
+  static Multimap<String, String> mobileOAuth2Headers() {
+    final mobileOAuth2Headers = Multimap<String, String>();
+    mobileOAuth2Headers.add('X-RESPONSE-STATUS', 'NO_CONTENT');
+    return mobileOAuth2Headers;
+  }
+
+  /*------------------*/
+  /* Public interface */
+  /*------------------*/
+  Future<HttpClientResponse> get(Uri uri,
+      {Multimap<String, String>? headers}) async {
+    final request = await _client.getUrl(uri);
+    headers?.forEach((name, value) {
+      request.headers.add(name, value);
+    });
+
+    _addStoredCookies(request);
+
+    final response = await request.close();
+
+    _updateStoredCookies(response, _serverId(request));
+
+    return response;
+  }
+
+  Future<Response> getJson(Uri uri,
+      {Multimap<String, String>? headers}) async {
+    final Multimap<String, String> headersWithAccept =
+        headers ?? Multimap<String, String>();
+    headersWithAccept.removeAll(HttpHeaders.acceptHeader);
+    headersWithAccept.removeAll(HttpHeaders.acceptCharsetHeader);
+    headersWithAccept.add(HttpHeaders.acceptHeader, 'application/json');
+    headersWithAccept.add(HttpHeaders.acceptCharsetHeader, 'utf-8');
+
+    final response = await get(uri, headers: headersWithAccept);
+    final stringData = await response.transform(utf8.decoder).join();
+    if (response.statusCode < 200 || response.statusCode > 299) {
+      return Response(response.statusCode, null, stringData);
+    }
+    return Response(response.statusCode, jsonDecode(stringData), null);
+  }
+
+  Future<HttpClientResponse> post(Uri uri,
+      {Multimap<String, String>? headers, body}) async {
+    final request = await _client.postUrl(uri);
+    return _sendStateChangingRequest(request, headers, body);
+  }
+
+  Future<HttpClientResponse> postJson(Uri uri, dynamic body,
+      {Multimap<String, String>? headers}) async {
+    return post(uri,
+        headers: _withJsonContentType(headers), body: _encoder.convert(body));
+  }
+
+  Future<HttpClientResponse> put(Uri uri, {headers, body, encoding}) async {
+    final request = await _client.putUrl(uri);
+    return _sendStateChangingRequest(request, headers, body);
+  }
+
+  Future<HttpClientResponse> putJson(Uri uri, dynamic body,
+      {Multimap<String, String>? headers}) async {
+    return put(uri,
+        headers: _withJsonContentType(headers), body: _encoder.convert(body));
+  }
+
+  Future<HttpClientResponse> delete(Uri uri, {headers}) async {
+    final request = await _client.deleteUrl(uri);
+    return _sendStateChangingRequest(request, headers, null);
+  }
+
+  /*-----------*/
+  /* Internals */
+  /*-----------*/
+  String _serverId(HttpClientRequest request) {
+    return '${request.uri.host}:${request.uri.port}';
+  }
+
+  void _updateStoredCookies(HttpClientResponse response, String serverId) {
+    final cookies = response.cookies;
+    final now = DateTime.now();
+
+    for (final cookie in cookies) {
+      final domainCookies = _cookies[serverId] ?? [];
+      domainCookies.removeWhere((element) =>
+          now.isAfter(cookie.expires ?? now) ||
+          (cookie.name == element.name &&
+              (cookie.path ?? '') == (element.path ?? '')));
+      domainCookies.add(cookie);
+      _cookies[serverId] = domainCookies;
+    }
+  }
+
+  void _addStoredCookies(HttpClientRequest request) {
+    final cookies = _cookies[_serverId(request)] ?? [];
+    final now = DateTime.now();
+    cookies.removeWhere((element) => now.isAfter(element.expires ?? now));
+    cookies
+        .where((element) =>
+            element.path == null ||
+            request.uri.path.contains(element.path ?? ''))
+        .forEach((element) {
+      request.cookies.add(element);
+    });
+  }
+
+  void _addCsrf(String domain, HttpHeaders headers) {
+    final domainCookies = _cookies[domain] ?? [];
+    final csrfCookie = domainCookies.firstWhere(
+        (element) => element.name == 'XSRF-TOKEN',
+        orElse: () => Cookie('XSRF-TOKEN', ''));
+    if (csrfCookie.value.isNotEmpty) {
+      headers.add('X-XSRF-TOKEN', csrfCookie.value);
+    }
+  }
+
+  Future<HttpClientResponse> _sendStateChangingRequest(
+      HttpClientRequest request,
+      Multimap<String, String>? headers,
+      dynamic body) async {
+    final serverId = _serverId(request);
+
+    headers?.forEach((name, value) {
+      request.headers.add(name, value);
+    });
+    _addCsrf(serverId, request.headers);
+
+    _addStoredCookies(request);
+
+    if (body != null) {
+      request.write(body);
+    }
+
+    final response = await request.close();
+
+    _updateStoredCookies(response, serverId);
+
+    return response;
+  }
+
+  Multimap<String, String> _withJsonContentType(
+      Multimap<String, String>? headers) {
+    final Multimap<String, String> headersWithContentType =
+        headers ?? Multimap<String, String>();
+    headersWithContentType.removeAll(HttpHeaders.contentTypeHeader);
+    headersWithContentType.add(
+        HttpHeaders.contentTypeHeader, 'application/json; charset=utf-8');
+    return headersWithContentType;
+  }
+}

samples/tutorials/bff/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials</groupId>
 		<artifactId>tutorials</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<groupId>com.c4-soft.springaddons.samples.tutorials.bff</groupId>

samples/tutorials/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples</groupId>
 		<artifactId>spring-addons-samples</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<groupId>com.c4-soft.springaddons.samples.tutorials</groupId>

samples/tutorials/reactive-client/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials</groupId>
 		<artifactId>tutorials</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>reactive-client</artifactId>

samples/tutorials/reactive-resource-server/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials</groupId>
 		<artifactId>tutorials</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>reactive-resource-server</artifactId>

samples/tutorials/resource-server_multitenant_dynamic/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials</groupId>
 		<artifactId>tutorials</artifactId>
-		<version>7.1.16-SNAPSHOT</version>
+		<version>7.1.17-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>resource-server_multitenant_dynamic</artifactId>