Enable CORS also on well-known endpoint (#725)

indigo-iam · Mar 22, 2024 · 0714724 · 0714724
1 parent 92fe11d
commit 0714724
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 11 deletions.
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/security/CorsConfig.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/security/CorsConfig.java
@@ -27,17 +27,18 @@ public class CorsConfig {
   private static final String[] CORS_ENDPOINT_MATCHERS =
   // @formatter:off
     {
-        "/api/**", 
-        "/resource/**", 
+        "/api/**",
+        "/resource/**",
         "/register/**",
-        "/iam/**", 
-        "/scim/**", 
-        "/token", 
-        "/introspect", 
-        "/userinfo", 
-        "/revoke/**", 
+        "/iam/**",
+        "/scim/**",
+        "/token",
+        "/introspect",
+        "/userinfo",
+        "/revoke/**",
         "/jwk",
-        "/devicecode"
+        "/devicecode",
+        "/.well-known/openid-configuration"
     };
     //@formatter:on
 

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/security/MitreSecurityConfig.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/security/MitreSecurityConfig.java
@@ -306,5 +306,25 @@ protected void configure(final HttpSecurity http) throws Exception {
       // @formatter:on
     }
   }
+
+  @Configuration
+  @Order(28)
+  public static class WellKnownEndpointConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+
+      // @formatter:off
+      http.antMatcher("/.well-known/openid-configuration")
+          .cors()
+        .and()
+          .sessionManagement()
+          .sessionCreationPolicy(STATELESS)
+        .and()
+          .authorizeRequests()
+            .antMatchers("/**").permitAll();
+      // @formatter:on
+    }
+  }
 
 }
diff --git a/iam-login-service/src/main/resources/application.yml b/iam-login-service/src/main/resources/application.yml
@@ -90,21 +90,22 @@ spring:
   mvc:
     pathmatch:
       matching-strategy: "ant-path-matcher"
+
 iam:
   host: ${IAM_HOST:localhost}
   baseUrl: ${IAM_BASE_URL:http://${iam.host}:8080}
   issuer: ${IAM_ISSUER:http://${iam.host}:8080}
   topbarTitle: ${IAM_TOPBAR_TITLE:INDIGO IAM for ${iam.organisation.name}}
   showSql: ${IAM_DATABASE_SHOW_SQL:false}
-  
+
   jwk:
     keystore-location: ${IAM_KEY_STORE_LOCATION:classpath:keystore.jwks}
     default-key-id: ${IAM_JWK_DEFAULT_KEY_ID:rsa1}
     default-jwe-decrypt-key-id: ${IAM_JWK_DEFAULT_JWE_DECRYPT_KEY_ID:${iam.jwk.default-key-id}}
     default-jwe-encrypt-key-id: ${IAM_JWK_DEFAULT_JWE_ENCRYPT_KEY_ID:${iam.jwk.default-key-id}}
     default-jws-algorithm: ${IAM_JWK_DEFAULT_JWS_ALGORITHM:RS256}
     default-jwe-algorithm: ${IAM_JWT_DEFAULT_JWE_ALGORITHM:RSA_OAEP_256} 
-    
+
   jwt-profile:
     default-profile: ${IAM_JWT_DEFAULT_PROFILE:iam}