Handle missing JWK Set URI gracefully and extend CORS allowed origins list
+6
-4
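--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -64,16 +64,18 @@ class SecurityConfig(
 if (delegate == null) {
 synchronized(this) {
 if (delegate == null) {
-try {
 if (jwkSetUri.isBlank()) {
-throw IllegalArgumentException("JWK Set URI is missing")
+logger.error("JWK Set URI is missing – all authenticated requests will be rejected.")
+return Mono.error(org.springframework.security.oauth2.jwt.BadJwtException("Identity Provider not configured"))
 }
+try {
 logger.info("Attempting to initialize JWT Decoder with URI: {}", jwkSetUri)
 delegate = NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri).build()
 logger.info("JWT Decoder successfully initialized.")
 } catch (e: Exception) {
 logger.warn("Could not initialize JWT Decoder: {}", e.message)
-return Mono.error(IllegalStateException("Identity Provider unavailable"))
+// Throw BadJwtException so Spring Security returns 401, not 500 or passthrough
+return Mono.error(org.springframework.security.oauth2.jwt.BadJwtException("Identity Provider unavailable: ${e.message}"))
 }
 }
 }
 }
@@ -133,7 +135,7 @@ data class GatewaySecurityProperties(
 )
 
 data class CorsProperties(
-val allowedOriginPatterns: Set<String> = setOf("http://localhost:*", "https://*.meldestelle.at"),
+val allowedOriginPatterns: Set<String> = setOf("http://localhost:*", "https://*.meldestelle.at", "https://*.mo-code.at"),
 val allowedMethods: Set<String> = setOf("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"),
 val allowedHeaders: Set<String> = setOf("*"),
 val exposedHeaders: Set<String> = setOf("X-Correlation-ID"),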
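Review bot: Interpolating `${e.message}` into the new `BadJwtException("Identity Provider unavailable: ${e.message}")` in the catch branch is likely to disclose server-side detail to the caller: the reactive resource-server support wraps a `JwtException` into an `InvalidBearerTokenException` whose message is echoed as `error_description` in the `WWW-Authenticate` response header, so a decoder build failure can expose the configured JWK Set URI or library internals. The detail is already captured by the `logger.warn` line directly above, so the client-facing message should stay fixed: `return Mono.error(org.springframework.security.oauth2.jwt.BadJwtException("Identity Provider unavailable"))`. The enclosing method begins before this hunk, so it cannot be checked here whether `delegate` is declared `@Volatile`, which the unsynchronized outer `delegate == null` read requires for the double-checked pattern to be safe. In the second hunk, `https://*.mo-code.at` admits every subdomain of that zone as a CORS origin; if only specific hosts serve the web app, listing those hosts is the tighter default.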