Debug CORS check methods

samply · Nov 11, 2024 · db04834 · db04834
1 parent 9a5bda4
commit db04834
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 41 deletions.
diff --git a/src/main/java/de/samply/security/AccessDeniedExceptionHandler.java b/src/main/java/de/samply/security/AccessDeniedExceptionHandler.java
diff --git a/src/main/java/de/samply/security/LoggedCorsConfiguration.java b/src/main/java/de/samply/security/LoggedCorsConfiguration.java
@@ -0,0 +1,54 @@
+package de.samply.security;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpMethod;
+import org.springframework.web.cors.CorsConfiguration;
+
+import java.util.List;
+
+@Slf4j
+public class LoggedCorsConfiguration extends CorsConfiguration {
+
+    @Override
+    public String checkOrigin(String origin) {
+        String result = super.checkOrigin(origin);
+        log.debug("Checking CORS Origin:");
+        log.debug("\t-\tInput: " + origin);
+        log.debug("\t-\tOutput: " + result);
+        return result;
+    }
+
+    @Override
+    public List<HttpMethod> checkHttpMethod(HttpMethod requestMethod) {
+        List<HttpMethod> result = super.checkHttpMethod(requestMethod);
+        log.debug("Checking CORS Method:");
+        log.debug("\t-\tInput Method: " + requestMethod);
+        if (result != null) {
+            log.debug("\t-\tOutput Methods: ");
+            for (HttpMethod method : result) {
+                log.debug("\t\t- " + method.name());
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public List<String> checkHeaders(List<String> requestHeaders) {
+        List<String> result = super.checkHeaders(requestHeaders);
+        log.debug("Checking CORS Headers:");
+        if (requestHeaders != null) {
+            log.debug("\t-\tInput Headers: ");
+            for (String header : requestHeaders) {
+                log.debug("\t\t- " + header);
+            }
+        }
+        if (result != null) {
+            log.debug("\t-\tOutput Headers: ");
+            for (String header : result) {
+                log.debug("\t\t- " + header);
+            }
+        }
+        return result;
+    }
+
+}
diff --git a/src/main/java/de/samply/security/SecurityConfiguration.java b/src/main/java/de/samply/security/SecurityConfiguration.java
@@ -120,7 +120,7 @@ public JwtAuthenticationConverter jwtAuthenticationConverter() {
 
     @Bean
     CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
+        CorsConfiguration configuration = new LoggedCorsConfiguration();
         configuration.setAllowedOrigins(Arrays.asList(frontendConfiguration.getBaseUrl(), explorerUrl));
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS"));
         configuration.setAllowedHeaders(Arrays.asList(HttpHeaders.ORIGIN, HttpHeaders.CONTENT_TYPE, HttpHeaders.ACCEPT, HttpHeaders.AUTHORIZATION, "Returnaccept")); // Allow required headers