diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf70dbd7..2902ee8f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 2.2.0
+* Vaadin
+ * `SecureVaadinRequestCache` now uses `RequestUtil#isSecuredFlowRoute` which should be more performant and future-proof
+
# 2.1.1
* Vaadin
* `SecureVaadinRequestCache` no longer ignores `urlMapping`
diff --git a/bom/pom.xml b/bom/pom.xml
index 451ab46c..f22681bf 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
bom
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
pom
bom
@@ -51,62 +51,62 @@
software.xdev.sse
client-storage
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
crypto-symmetric
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
crypto-symmetric-managed
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
codec-sha256
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
csp
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
metrics
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
oauth2-oidc
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
oauth2-oidc-remember-me
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
vaadin
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
web
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
web-sidecar-actuator
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
web-sidecar-common
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
diff --git a/client-storage/pom.xml b/client-storage/pom.xml
index bd4bb8f2..7ad701e4 100644
--- a/client-storage/pom.xml
+++ b/client-storage/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
client-storage
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
client-storage
diff --git a/codec-sha256/pom.xml b/codec-sha256/pom.xml
index 9f2b8e74..84f500d7 100644
--- a/codec-sha256/pom.xml
+++ b/codec-sha256/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
codec-sha256
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
codec-sha256
diff --git a/crypto-symmetric-managed/pom.xml b/crypto-symmetric-managed/pom.xml
index 51fa1f45..48189d83 100644
--- a/crypto-symmetric-managed/pom.xml
+++ b/crypto-symmetric-managed/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
crypto-symmetric-managed
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
crypto-symmetric-managed
diff --git a/crypto-symmetric/pom.xml b/crypto-symmetric/pom.xml
index 0bd64a42..cee0ef39 100644
--- a/crypto-symmetric/pom.xml
+++ b/crypto-symmetric/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
crypto-symmetric
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
crypto-symmetric
diff --git a/csp/pom.xml b/csp/pom.xml
index 39a23038..e97374d1 100644
--- a/csp/pom.xml
+++ b/csp/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
csp
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
csp
diff --git a/demo/entities-metamodel/pom.xml b/demo/entities-metamodel/pom.xml
index 2ae20714..322a9fc0 100644
--- a/demo/entities-metamodel/pom.xml
+++ b/demo/entities-metamodel/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo
demo
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
entities-metamodel
diff --git a/demo/entities/pom.xml b/demo/entities/pom.xml
index 54a28221..e7db9f5e 100644
--- a/demo/entities/pom.xml
+++ b/demo/entities/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo
demo
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
entities
diff --git a/demo/integration-tests/pom.xml b/demo/integration-tests/pom.xml
index 0fef8294..84069c47 100644
--- a/demo/integration-tests/pom.xml
+++ b/demo/integration-tests/pom.xml
@@ -7,12 +7,12 @@
software.xdev.sse.demo
demo
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse.demo.it
integration-tests
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
pom
@@ -31,38 +31,38 @@
software.xdev.sse.demo.it
tci-db
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse.demo.it
tci-webapp
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse.demo.it
tci-webapp-rest
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse.demo.it
tci-webapp-vaadin
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse.demo.it
webapp-it-base
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
org.seleniumhq.selenium
selenium-dependencies-bom
- 4.41.0
+ 4.43.0
pom
import
@@ -99,7 +99,7 @@
software.xdev.tci
bom
- 3.3.0
+ 3.3.1
pom
import
diff --git a/demo/integration-tests/tci-db/pom.xml b/demo/integration-tests/tci-db/pom.xml
index 9574a230..6a3343f6 100644
--- a/demo/integration-tests/tci-db/pom.xml
+++ b/demo/integration-tests/tci-db/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo.it
integration-tests
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
tci-db
diff --git a/demo/integration-tests/tci-webapp-rest/pom.xml b/demo/integration-tests/tci-webapp-rest/pom.xml
index 1fbe8a3b..a7c0acd3 100644
--- a/demo/integration-tests/tci-webapp-rest/pom.xml
+++ b/demo/integration-tests/tci-webapp-rest/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo.it
integration-tests
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
tci-webapp-rest
diff --git a/demo/integration-tests/tci-webapp-vaadin/pom.xml b/demo/integration-tests/tci-webapp-vaadin/pom.xml
index ef6ad27d..20e8c2db 100644
--- a/demo/integration-tests/tci-webapp-vaadin/pom.xml
+++ b/demo/integration-tests/tci-webapp-vaadin/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo.it
integration-tests
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
tci-webapp-vaadin
diff --git a/demo/integration-tests/tci-webapp/pom.xml b/demo/integration-tests/tci-webapp/pom.xml
index 90c77f21..384edbbc 100644
--- a/demo/integration-tests/tci-webapp/pom.xml
+++ b/demo/integration-tests/tci-webapp/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo.it
integration-tests
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
tci-webapp
diff --git a/demo/integration-tests/webapp-it-base/pom.xml b/demo/integration-tests/webapp-it-base/pom.xml
index c52f711f..a034bb4b 100644
--- a/demo/integration-tests/webapp-it-base/pom.xml
+++ b/demo/integration-tests/webapp-it-base/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo.it
integration-tests
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
webapp-it-base
diff --git a/demo/integration-tests/webapp-rest-it/pom.xml b/demo/integration-tests/webapp-rest-it/pom.xml
index b5daa174..4baf320a 100644
--- a/demo/integration-tests/webapp-rest-it/pom.xml
+++ b/demo/integration-tests/webapp-rest-it/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo.it
integration-tests
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
webapp-rest-it
diff --git a/demo/integration-tests/webapp-vaadin-it/pom.xml b/demo/integration-tests/webapp-vaadin-it/pom.xml
index 990abac4..c70ca952 100644
--- a/demo/integration-tests/webapp-vaadin-it/pom.xml
+++ b/demo/integration-tests/webapp-vaadin-it/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo.it
integration-tests
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
webapp-vaadin-it
diff --git a/demo/persistence/pom.xml b/demo/persistence/pom.xml
index 6ab01dce..3d480602 100644
--- a/demo/persistence/pom.xml
+++ b/demo/persistence/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo
demo
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
persistence
diff --git a/demo/pom.xml b/demo/pom.xml
index 1df21d21..d0906c0b 100644
--- a/demo/pom.xml
+++ b/demo/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse.demo
demo
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
pom
@@ -43,25 +43,25 @@
software.xdev.sse.demo
entities
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse.demo
entities-metamodel
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse.demo
persistence
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse.demo
webapp-shared
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
@@ -138,27 +138,27 @@
software.xdev.sse
csp
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
oauth2-oidc
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
oauth2-oidc-remember-me
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
vaadin
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
software.xdev.sse
web-sidecar-actuator
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
diff --git a/demo/webapp-rest/pom.xml b/demo/webapp-rest/pom.xml
index b5daa6aa..4e574883 100644
--- a/demo/webapp-rest/pom.xml
+++ b/demo/webapp-rest/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo
demo
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
webapp-rest
diff --git a/demo/webapp-shared/pom.xml b/demo/webapp-shared/pom.xml
index efb5babe..d6837e8c 100644
--- a/demo/webapp-shared/pom.xml
+++ b/demo/webapp-shared/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo
demo
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
webapp-shared
diff --git a/demo/webapp-vaadin/pom.xml b/demo/webapp-vaadin/pom.xml
index 723578a9..b7d97bf0 100644
--- a/demo/webapp-vaadin/pom.xml
+++ b/demo/webapp-vaadin/pom.xml
@@ -7,7 +7,7 @@
software.xdev.sse.demo
demo
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
webapp-vaadin
diff --git a/metrics/pom.xml b/metrics/pom.xml
index 583cfd94..51c73762 100644
--- a/metrics/pom.xml
+++ b/metrics/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
metrics
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
metrics
diff --git a/oauth2-oidc-remember-me/pom.xml b/oauth2-oidc-remember-me/pom.xml
index 03bfd9cd..139ba364 100644
--- a/oauth2-oidc-remember-me/pom.xml
+++ b/oauth2-oidc-remember-me/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
oauth2-oidc-remember-me
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
oauth2-oidc-remember-me
diff --git a/oauth2-oidc/pom.xml b/oauth2-oidc/pom.xml
index fe862979..df5fca3f 100644
--- a/oauth2-oidc/pom.xml
+++ b/oauth2-oidc/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
oauth2-oidc
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
oauth2-oidc
diff --git a/pom.xml b/pom.xml
index a6f72769..0c700bf9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
root
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
pom
diff --git a/vaadin/pom.xml b/vaadin/pom.xml
index 0820a91f..ecf1302a 100644
--- a/vaadin/pom.xml
+++ b/vaadin/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
vaadin
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
vaadin
diff --git a/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java b/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java
index e0d5ef86..2ae67443 100644
--- a/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java
+++ b/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java
@@ -15,29 +15,14 @@
*/
package software.xdev.sse.vaadin;
-import java.lang.reflect.Field;
-import java.util.Set;
-import java.util.stream.Collectors;
-
-import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
-import org.apache.catalina.Wrapper;
-import org.apache.catalina.core.ApplicationServletRegistration;
-import org.apache.catalina.core.StandardWrapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
-import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;
-import com.vaadin.flow.router.RouteBaseData;
-import com.vaadin.flow.server.VaadinServlet;
-import com.vaadin.flow.server.VaadinServletService;
import com.vaadin.flow.spring.security.RequestUtil;
import com.vaadin.flow.spring.security.VaadinDefaultRequestCache;
@@ -50,27 +35,17 @@
@Component
public class SecureVaadinRequestCache extends VaadinDefaultRequestCache
{
- private static final Logger LOG = LoggerFactory.getLogger(SecureVaadinRequestCache.class);
-
protected static final RequestMatcher NONE_REQUEST_MATCHER = r -> false;
- @Autowired
- protected ServletContext context;
-
@Autowired
protected RequestUtil requestUtil;
- // Shortcut to save computation cost (no path is longer than this)
- protected int defaultPathMaxLength = 255;
- protected int defaultWildcardPathLengthAssumption = 48;
- protected int pathMaxLength = this.defaultPathMaxLength;
protected RequestMatcher allowedMatcher;
@Override
public void saveRequest(final HttpServletRequest request, final HttpServletResponse response)
{
if(!HttpMethod.GET.matches(request.getMethod())
- || request.getServletPath().length() > this.pathMaxLength
|| !this.getAllowedPathsRequestMatcher().matches(request))
{
return;
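Review bot: Dropping the `request.getServletPath().length() > this.pathMaxLength` guard in `saveRequest` means every GET that gets this far is now passed to the matcher, whatever its path length, and this code runs for requests that are not yet authenticated. The removed field comment described the guard as a cost shortcut, so it is worth confirming that `RequestUtil#isSecuredFlowRoute` stays cheap on very long paths, or keeping a fixed upper bound ahead of the matcher call. The protected `pathMaxLength`/`defaultPathMaxLength`/`defaultWildcardPathLengthAssumption` fields removed here, and the public setters removed in the next hunk, break subclasses and callers that used them. The 2.2.0 changelog entry does not mention this; I would add a line such as `* Removed the pathMaxLength-related fields and setters of SecureVaadinRequestCache`. The body of `saveRequest` continues past the end of this hunk.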
@@ -79,21 +54,6 @@ public void saveRequest(final HttpServletRequest request, final HttpServletRespo
super.saveRequest(request, response);
}
- public void setPathMaxLength(final int pathMaxLength)
- {
- this.pathMaxLength = pathMaxLength;
- }
-
- public void setDefaultPathMaxLength(final int defaultPathMaxLength)
- {
- this.defaultPathMaxLength = defaultPathMaxLength;
- }
-
- public void setDefaultWildcardPathLengthAssumption(final int defaultWildcardPathLengthAssumption)
- {
- this.defaultWildcardPathLengthAssumption = defaultWildcardPathLengthAssumption;
- }
-
protected RequestMatcher getAllowedPathsRequestMatcher()
{
if(this.allowedMatcher == null)
@@ -116,79 +76,11 @@ protected synchronized void initAllowedPaths()
return;
}
- if(!(this.context.getServletRegistration("springServlet")
- instanceof final ApplicationServletRegistration applicationServletRegistration))
- {
- LOG.warn("Unable to find ApplicationServletRegistration");
- return;
- }
-
- final Wrapper wrapper;
- try
- {
- final Field fWrapper = ApplicationServletRegistration.class.getDeclaredField("wrapper");
- fWrapper.setAccessible(true);
- wrapper = (Wrapper)fWrapper.get(applicationServletRegistration);
- }
- catch(final Exception e)
- {
- LOG.error("Failed to get Wrapper", e);
- this.allowedMatcher = NONE_REQUEST_MATCHER;
- return;
- }
-
- if(!(wrapper instanceof final StandardWrapper standardWrapper)
- || !(standardWrapper.getServlet() instanceof final VaadinServlet vaadinServlet))
- {
- LOG.warn("Unable to extract VaadinServlet from Wrapper");
- return;
- }
-
- final VaadinServletService servletService = vaadinServlet.getService();
- if(servletService == null)
- {
- LOG.info("No servletService in servlet - Not initialized yet?");
- return;
- }
-
- final Set allowedPaths = servletService
- .getRouter()
- .getRegistry()
- .getRegisteredRoutes()
- .stream()
- .map(RouteBaseData::getTemplate)
- .filter(s -> !s.isBlank())
- .map(this.requestUtil::applyUrlMapping)
- .map(this::handleUrlParameterInPath)
- .collect(Collectors.toSet());
-
- LOG.debug("Allowed paths: {}", allowedPaths);
-
- this.pathMaxLength = allowedPaths.stream()
- .mapToInt(s -> s.length() + (s.endsWith("*") ? this.defaultWildcardPathLengthAssumption : 0))
- .max()
- .orElse(this.defaultPathMaxLength);
-
- this.allowedMatcher = new OrRequestMatcher(allowedPaths
- .stream()
- .map(PathPatternRequestMatcher.withDefaults()::matcher)
- .map(RequestMatcher.class::cast)
- .toList());
+ this.allowedMatcher = this.createAllowedPathsRequestMatcher();
}
- protected String handleUrlParameterInPath(final String path)
+ protected RequestMatcher createAllowedPathsRequestMatcher()
{
- final String urlParamIdentifier = "/:___url_parameter";
- final int urlParamIndex = path.indexOf(urlParamIdentifier);
- if(urlParamIndex == -1)
- {
- return path;
- }
-
- final String substring = path.substring(0, urlParamIndex);
- return substring + "/*"
- // Do a full level wildcard if there is more stuff (excluding the optional ?)
- // behind the path-part
- + (path.length() - substring.length() - urlParamIdentifier.length() <= 1 ? "" : "*");
+ return this.requestUtil::isSecuredFlowRoute;
}
}
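Review bot: `createAllowedPathsRequestMatcher()` is a new protected extension point with no Javadoc, although its result decides which request URLs `saveRequest` keeps for the post-login redirect. The removed code built an allow-list from every registered route template, while the new matcher delegates to `requestUtil::isSecuredFlowRoute`, which judging by its name matches only secured routes. The set of saved requests may therefore differ from 2.1.x, and no test covering that is visible in this diff. I would document the contract on the method, for example `/** Matcher for requests that may be saved for the redirect after login; the result is cached by initAllowedPaths(), and overrides should remain a strict allow-list. */`. The hunk still shows `NONE_REQUEST_MATCHER` declared but no longer assigned anywhere, so check whether the early `return` at the top of `initAllowedPaths` (its condition lies outside the hunk) still needs it.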
diff --git a/web-sidecar-actuator/pom.xml b/web-sidecar-actuator/pom.xml
index c7943657..440a38ad 100644
--- a/web-sidecar-actuator/pom.xml
+++ b/web-sidecar-actuator/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
web-sidecar-actuator
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
web-sidecar-actuator
diff --git a/web-sidecar-common/pom.xml b/web-sidecar-common/pom.xml
index db82b181..25176ff4 100644
--- a/web-sidecar-common/pom.xml
+++ b/web-sidecar-common/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
web-sidecar-common
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
web-sidecar-common
diff --git a/web/pom.xml b/web/pom.xml
index 24a04932..61e5dd86 100644
--- a/web/pom.xml
+++ b/web/pom.xml
@@ -6,7 +6,7 @@
software.xdev.sse
web
- 2.1.2-SNAPSHOT
+ 2.2.0-SNAPSHOT
jar
web