chore: sync from gitlab

CHANGELOG.md

@@ -1,5 +1,43 @@
 # Changelog
 
+## [3.18.0](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/compare/3.17.0...3.18.0) (2024-10-21)
+
+
+### 🚀 Features
+
+* **dhei-16267:** header removal feature, filter query params list ([f608044](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/f6080449f89b8a61ab21c9abb596503898de84f6))
+
+## [3.17.0](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/compare/3.16.0...3.17.0) (2024-09-26)
+
+
+### 💈 Style
+
+* **jwt:** linting ([6c931b5](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/6c931b54cfccabf24f68f9f53d3e80f0f34fa601))
+
+
+### 🧪 Tests
+
+* **jwt:** add testcases for the happy path ([7286055](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/7286055ce8142e43adf806ff3e60f9295c27fa34))
+* **jwt:** add testcases for wrong client configuration ([64a6268](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/64a62685e503c588904fa177d5d29209c4327a12))
+
+
+### 🚀 Features
+
+* evaluate token request , test structure improved ([d8eb836](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/d8eb83609a030f3aa35e38186e65a9de8c92ca81))
+* **jwt:** add jwt authorization for external idp ([f111116](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/f111116dcb5d5d2b52a89d69828c2b2ffda43d02))
+
+
+### 🛠 Fixes
+
+* merge duplicate code, improved TokenCacheKey structure ([56af4d7](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/56af4d7eac8739b6f065545a0de8e2c78cd0338d))
+
+
+### Other
+
+* sync from gitlab ([630f7ec](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/630f7eca40a4327d86b4ff8bd0c54589c2cbc816))
+* sync from gitlab ([9b0738d](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/9b0738d304aa5508521fbe0312dce1f74eb219d9))
+* sync from gitlab ([1deb92c](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/commit/1deb92cff2f447bac8a3faa3380478b1cb989c9d))
+
 ## [3.16.0](https://gitlab.devops.telekom.de/dhei/teams/hyperion/dev/src/jumper-sse/compare/3.15.2...3.16.0) (2024-07-04)
 
 

pom.xml

@@ -13,21 +13,21 @@ SPDX-License-Identifier: Apache-2.0
 
 	<groupId>de.telekom.ei.jumper</groupId>
 	<artifactId>jumper-sse</artifactId>
-	<version>3.16.0</version>
+	<version>3.18.0</version>
 
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.7.16</version>
+		<version>2.7.18</version>
 	</parent>
 
 	<properties>
 		<java.version>17</java.version>
 		<spring-cloud.version>2021.0.8</spring-cloud.version>
 		<redis-lettuce.version>6.3.2.RELEASE</redis-lettuce.version>
 		<cucumber.version>7.14.0</cucumber.version>
-		<reactor-bom.version>2020.0.37</reactor-bom.version>
-		<netty.version>4.1.100.Final</netty.version>
+		<reactor-bom.version>2020.0.47</reactor-bom.version>
+		<netty.version>4.1.112.Final</netty.version>
 		<junit.jupiter.version>5.9.3</junit.jupiter.version>
 		<junit.platform.version>1.10.0</junit.platform.version>
 		<testcontainers.version>1.19.8</testcontainers.version>

src/main/java/jumper/Constants.java

@@ -74,19 +74,30 @@ public class Constants {
   public static final String TOKEN_REQUEST_PARAMETER_SCOPE = "scope";
   public static final String TOKEN_REQUEST_PARAMETER_CLIENT_ID = "client_id";
   public static final String TOKEN_REQUEST_PARAMETER_CLIENT_SECRET = "client_secret";
+  public static final String TOKEN_REQUEST_PARAMETER_CLIENT_ASSERTION = "client_assertion";
+  public static final String TOKEN_REQUEST_PARAMETER_CLIENT_ASSERTION_TYPE =
+      "client_assertion_type";
+  public static final String TOKEN_REQUEST_PARAMETER_CLIENT_ASSERTION_TYPE_JWT =
+      "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
   public static final String TOKEN_REQUEST_PARAMETER_GRANT_TYPE = "grant_type";
   public static final String TOKEN_REQUEST_PARAMETER_USERNAME = "username";
   public static final String TOKEN_REQUEST_PARAMETER_PASSWORD = "password";
   public static final String TOKEN_REQUEST_PARAMETER_REFRESH_TOKEN = "refresh_token";
+  // client_secret_post
+  public static final String TOKEN_REQUEST_METHOD_POST = "body";
 
   public static final String TOKEN_CLAIM_CLIENT_ID = "clientId";
   public static final String TOKEN_CLAIM_ORIGIN_STARGATE = "originStargate";
   public static final String TOKEN_CLAIM_ORIGIN_ZONE = "originZone";
   public static final String TOKEN_CLAIM_SCOPE = "scope";
   public static final String TOKEN_CLAIM_SUB = "sub";
+  public static final String TOKEN_CLAIM_ISS = "iss";
+  public static final String TOKEN_CLAIM_JTI = "jti";
   public static final String TOKEN_CLAIM_AUD = "aud";
   public static final String TOKEN_CLAIM_TYP = "typ";
   public static final String TOKEN_CLAIM_AZP = "azp";
+  public static final String TOKEN_CLAIM_EXP = "exp";
+  public static final String TOKEN_CLAIM_IAT = "iat";
   public static final String TOKEN_CLAIM_OPERATION = "operation";
   public static final String TOKEN_CLAIM_REQUEST_PATH = "requestPath";
   public static final String TOKEN_CLAIM_ACCESS_TOKEN_SIGNATURE = "accessTokenSignature";

src/main/java/jumper/config/SleuthConfiguration.java

@@ -6,15 +6,27 @@
 
 import brave.http.HttpRequestParser;
 import brave.http.HttpResponseParser;
+import java.net.*;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.*;
+import java.util.stream.Collectors;
 import jumper.Constants;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cloud.sleuth.instrument.web.HttpClientRequestParser;
 import org.springframework.cloud.sleuth.instrument.web.HttpClientResponseParser;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration(proxyBeanMethods = false)
+@Slf4j
 public class SleuthConfiguration {
 
+  @Value("${spring.sleuth.filter-param-list:}")
+  List<String> queryFilterList;
+
   // see
   // https://docs.spring.io/spring-cloud-sleuth/docs/current-SNAPSHOT/reference/html/howto.html#how-to-cutomize-http-client-spans
 
@@ -40,11 +52,58 @@ HttpRequestParser httpRequestParser() {
 
       span.name("Outgoing Request: " + spanName);
 
-      span.tag("http.url", request.url());
+      span.tag("http.url", filterQueryParams(request.url(), queryFilterList));
 
       if (xTardisTraceId != null) {
         span.tag(Constants.HEADER_X_TARDIS_TRACE_ID, xTardisTraceId);
       }
     };
   }
+
+  private String filterQueryParams(String urlString, List<String> patterns) {
+    // first check, if there is something to do
+    if (!urlString.contains("?") || queryFilterList.isEmpty()) {
+      return urlString;
+    }
+
+    try {
+      URI uri = new URI(urlString);
+      String query = uri.getQuery();
+      String[] params = query.split("&");
+
+      List<Pattern> compiledPatterns = patterns.stream().map(Pattern::compile).toList();
+
+      String filteredParams =
+          Arrays.stream(params)
+              .filter(
+                  param -> {
+                    String[] keyValue = param.split("=");
+                    return compiledPatterns.stream()
+                        .noneMatch(pattern -> pattern.matcher(keyValue[0]).matches());
+                  })
+              .map(
+                  param -> {
+                    String[] keyValue = param.split("=");
+                    return URLEncoder.encode(keyValue[0], StandardCharsets.UTF_8)
+                        + "="
+                        + URLEncoder.encode(keyValue[1], StandardCharsets.UTF_8);
+                  })
+              .collect(Collectors.joining("&"));
+
+      URI filteredUri;
+      // just avoid trailing ?
+      if (!filteredParams.isEmpty()) {
+        filteredUri =
+            new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), filteredParams, null);
+      } else {
+        filteredUri = new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), null, null);
+      }
+      return filteredUri.toString();
+
+    } catch (URISyntaxException e) {
+      // we do not want to affect processing, just log and return original url
+      log.error("Problem occurred while filtering query params");
+      return urlString;
+    }
+  }
 }

src/main/java/jumper/filter/RequestFilter.java

@@ -215,8 +215,7 @@ && isSpaceZone(currentZone)) {
                             TokenInfo tokenInfo =
                                 oauthTokenUtil.getAccessTokenWithOauthCredentialsObject(
                                     jumperConfig.getExternalTokenEndpoint(),
-                                    oauthCredentials.get(),
-                                    jumperConfig.getConsumer());
+                                    oauthCredentials.get());
 
                             HeaderUtil.addHeader(
                                 exchange,
@@ -293,6 +292,7 @@ && isSpaceZone(currentZone)) {
                       log.info("logging request: {}", value("jumperInfo", infoRequest));
                     });
 
+                HeaderUtil.removeHeaders(exchange, jumperConfig.getRemoveHeaders());
                 tracer.currentSpan().event("jrqf");
               });
 
@@ -378,7 +378,7 @@ private void getAccessTokenFromExternalIdpLegacy(ServerWebExchange exchange, Jum
     if (Objects.nonNull(clientId) && Objects.nonNull(clientSecret)) {
       TokenInfo tokenInfo =
           oauthTokenUtil.getAccessTokenWithClientCredentials(
-              tokenEndpoint, clientId, clientSecret, clientScope, consumer);
+              tokenEndpoint, clientId, clientSecret, clientScope);
       HeaderUtil.addHeader(
           exchange,
           Constants.HEADER_AUTHORIZATION,

src/main/java/jumper/filter/ResponseFilter.java

@@ -24,7 +24,6 @@
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.stereotype.Component;
-import reactor.core.publisher.Mono;
 
 @Component
 @Slf4j
@@ -45,54 +44,52 @@ public GatewayFilter apply(Config config) {
         (exchange, chain) ->
             chain
                 .filter(exchange)
-                .doOnTerminate(() -> {
-                        if (exchange.getResponse().isCommitted()) {
-                            return;
-                        }
-                            WebFluxSleuthOperators.withSpanInScope(
-                                tracer,
-                                currentTraceContext,
-                                exchange,
-                                () -> {
-                                  ServerHttpResponse response = exchange.getResponse();
-                                  ServerHttpRequest request = exchange.getRequest();
+                .doOnTerminate(
+                    () -> {
+                      if (exchange.getResponse().isCommitted()) {
+                        return;
+                      }
+                      WebFluxSleuthOperators.withSpanInScope(
+                          tracer,
+                          currentTraceContext,
+                          exchange,
+                          () -> {
+                            ServerHttpResponse response = exchange.getResponse();
+                            ServerHttpRequest request = exchange.getRequest();
 
-                                  if (log.isDebugEnabled()) {
-                                    JumperInfoResponse jumperInfoResponse =
-                                        new JumperInfoResponse();
-                                    IncomingResponse incomingResponse = new IncomingResponse();
+                            if (log.isDebugEnabled()) {
+                              JumperInfoResponse jumperInfoResponse = new JumperInfoResponse();
+                              IncomingResponse incomingResponse = new IncomingResponse();
 
-                                    incomingResponse.setHost(
-                                        Objects.requireNonNull(
-                                                exchange.getAttribute(
-                                                    ServerWebExchangeUtils
-                                                        .GATEWAY_REQUEST_URL_ATTR))
-                                            .toString());
-                                    incomingResponse.setHttpStatusCode(
-                                        Objects.requireNonNull(response.getStatusCode()).value());
-                                    incomingResponse.setMethod(request.getMethodValue());
-                                    incomingResponse.setRequestHeaders(
-                                        request.getHeaders().toSingleValueMap());
-                                    jumperInfoResponse.setIncomingResponse(incomingResponse);
+                              incomingResponse.setHost(
+                                  Objects.requireNonNull(
+                                          exchange.getAttribute(
+                                              ServerWebExchangeUtils.GATEWAY_REQUEST_URL_ATTR))
+                                      .toString());
+                              incomingResponse.setHttpStatusCode(
+                                  Objects.requireNonNull(response.getStatusCode()).value());
+                              incomingResponse.setMethod(request.getMethodValue());
+                              incomingResponse.setRequestHeaders(
+                                  request.getHeaders().toSingleValueMap());
+                              jumperInfoResponse.setIncomingResponse(incomingResponse);
 
-                                    log.debug(
-                                        "logging response: {}",
-                                        value("jumperInfo", jumperInfoResponse));
-                                  }
+                              log.debug(
+                                  "logging response: {}", value("jumperInfo", jumperInfoResponse));
+                            }
 
-                                  long contentLength = response.getHeaders().getContentLength();
+                            long contentLength = response.getHeaders().getContentLength();
 
-                                  Span span = tracer.currentSpan();
+                            Span span = tracer.currentSpan();
 
-                                  if (Long.toString(contentLength).equals("-1")) {
-                                    span.tag("message.size_response", "0");
-                                  } else {
-                                    span.tag("message.size_response", Long.toString(contentLength));
-                                  }
+                            if (Long.toString(contentLength).equals("-1")) {
+                              span.tag("message.size_response", "0");
+                            } else {
+                              span.tag("message.size_response", Long.toString(contentLength));
+                            }
 
-                                  span.event("jrpf");
-                                });
-                }),
+                            span.event("jrpf");
+                          });
+                    }),
         RequestFilter.REQUEST_FILTER_ORDER);
   }
 

src/main/java/jumper/model/config/JumperConfig.java

@@ -31,6 +31,7 @@ public class JumperConfig {
   private HashMap<String, OauthCredentials> oauth;
   private HashMap<String, BasicAuthCredentials> basicAuth;
   private HashMap<String, RouteListener> routeListener;
+  private List<String> removeHeaders;
   private GatewayClient gatewayClient;
   private LoadBalancing loadBalancing;
 

src/main/java/jumper/model/config/OauthCredentials.java

@@ -12,11 +12,13 @@
 public class OauthCredentials {
   private String clientId;
   private String clientSecret;
+  private String clientKey;
   private String scopes;
   private String username;
   private String password;
   private String refreshToken;
   private String grantType;
+  private String tokenRequest;
 
   public String getId() {
 

src/main/java/jumper/service/HeaderUtil.java

@@ -6,6 +6,7 @@
 
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.List;
 import java.util.Objects;
 import jumper.Constants;
 import jumper.model.config.JumperConfig;
@@ -38,18 +39,25 @@ public static void removeHeader(ServerWebExchange exchange, String headerName) {
     exchange.getRequest().mutate().headers(httpHeaders -> httpHeaders.remove(headerName)).build();
   }
 
+  public static void removeHeaders(ServerWebExchange exchange, List<String> headerList) {
+    if (Objects.isNull(headerList) || headerList.isEmpty()) return;
+    exchange
+        .getRequest()
+        .mutate()
+        .headers(httpHeaders -> headerList.forEach(httpHeaders::remove))
+        .build();
+  }
+
   public static void rewriteXForwardedHeader(
       ServerWebExchange exchange, JumperConfig jumperConfig) {
 
     if (Objects.nonNull(jumperConfig.getConsumerOriginStargate())) {
-      String hostStargate = "";
       try {
         URL url = new URL(jumperConfig.getConsumerOriginStargate());
-        hostStargate = url.getHost();
+        HeaderUtil.addHeader(exchange, Constants.HEADER_X_FORWARDED_HOST, url.getHost());
       } catch (MalformedURLException e) {
         log.error(e.getMessage(), e);
       }
-      HeaderUtil.addHeader(exchange, Constants.HEADER_X_FORWARDED_HOST, hostStargate);
     }
 
     addHeader(exchange, Constants.HEADER_X_FORWARDED_PORT, Constants.HEADER_X_FORWARDED_PORT_PORT);