Handle missing JWK Set URI gracefully and extend CORS allowed origins list
+6
-4
@@ -64,16 +64,18 @@ class SecurityConfig(
|
||||
if (delegate == null) {
|
||||
synchronized(this) {
|
||||
if (delegate == null) {
|
||||
try {
|
||||
if (jwkSetUri.isBlank()) {
|
||||
throw IllegalArgumentException("JWK Set URI is missing")
|
||||
logger.error("JWK Set URI is missing – all authenticated requests will be rejected.")
|
||||
return Mono.error(org.springframework.security.oauth2.jwt.BadJwtException("Identity Provider not configured"))
|
||||
}
|
||||
try {
|
||||
logger.info("Attempting to initialize JWT Decoder with URI: {}", jwkSetUri)
|
||||
delegate = NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri).build()
|
||||
logger.info("JWT Decoder successfully initialized.")
|
||||
} catch (e: Exception) {
|
||||
logger.warn("Could not initialize JWT Decoder: {}", e.message)
|
||||
return Mono.error(IllegalStateException("Identity Provider unavailable"))
|
||||
// Throw BadJwtException so Spring Security returns 401, not 500 or passthrough
|
||||
return Mono.error(org.springframework.security.oauth2.jwt.BadJwtException("Identity Provider unavailable: ${e.message}"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -133,7 +135,7 @@ data class GatewaySecurityProperties(
|
||||
)
|
||||
|
||||
data class CorsProperties(
|
||||
val allowedOriginPatterns: Set<String> = setOf("http://localhost:*", "https://*.meldestelle.at"),
|
||||
val allowedOriginPatterns: Set<String> = setOf("http://localhost:*", "https://*.meldestelle.at", "https://*.mo-code.at"),
|
||||
val allowedMethods: Set<String> = setOf("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"),
|
||||
val allowedHeaders: Set<String> = setOf("*"),
|
||||
val exposedHeaders: Set<String> = setOf("X-Correlation-ID"),
|
||||
|
||||
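Review bot: The new catch branch builds its error as `BadJwtException("Identity Provider unavailable: ${e.message}")`, which puts the decoder's internal failure text into an exception that Spring Security's bearer-token handling normally turns into the client-visible `error_description` of the 401 `WWW-Authenticate` header. That text can carry the JWK Set URI or internal host names to unauthenticated callers, assuming the default entry point is in use (not visible here). Keep the message constant, as the blank-URI branch above already does, `return Mono.error(org.springframework.security.oauth2.jwt.BadJwtException("Identity Provider unavailable"))`, and keep the detail in the server log with `logger.warn("Could not initialize JWT Decoder", e)`. The enclosing decode function starts and ends outside the hunk. In the second hunk, the added `https://*.mo-code.at` pattern trusts every subdomain of a second domain; if CORS credentials are allowed elsewhere in this config, listing the exact origins would narrow what a stray or taken-over subdomain can do.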