rajah 11 месяцев назад
Родитель
Сommit
26d1743c89

+ 6 - 19
src/main/java/fr/triplea/demovote/security/CorsFilter.java

@@ -4,34 +4,24 @@ import java.io.IOException;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.core.annotation.Order;
+import org.springframework.web.filter.OncePerRequestFilter;
 
-import jakarta.servlet.Filter;
 import jakarta.servlet.FilterChain;
-import jakarta.servlet.FilterConfig;
 import jakarta.servlet.ServletException;
-import jakarta.servlet.ServletRequest;
-import jakarta.servlet.ServletResponse;
-import jakarta.servlet.annotation.WebFilter;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
-@WebFilter("/*")
-@Order(2)
-public class CorsFilter implements Filter 
+
+public class CorsFilter extends OncePerRequestFilter 
 {
   
   private final Logger LOG = LoggerFactory.getLogger(CorsFilter.class);
 
-  public CorsFilter() { LOG.info("CorsFilter Init"); }
+  public CorsFilter() { LOG.info("CorsFilter init"); }
 
   @Override
-  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException
+  public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException
   {
-
-    HttpServletRequest request = (HttpServletRequest) req;
-    HttpServletResponse response = (HttpServletResponse) res;
-
     response.setHeader("Access-Control-Allow-Origin", "https://localhost:4200");
     response.setHeader("Access-Control-Allow-Credentials", "true");
     response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, OPTIONS, DELETE");
@@ -40,12 +30,9 @@ public class CorsFilter implements Filter
 
     if (request.getMethod().equals("OPTIONS")) { response.setStatus(HttpServletResponse.SC_ACCEPTED); return; }
 
-    chain.doFilter(req, res);
+    filterChain.doFilter(request, response);
   }
 
-  @Override
-  public void init(FilterConfig filterConfig) {}
-
   @Override
   public void destroy() {}
   
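Review bot: In the first hunk the `@WebFilter("/*")` and `@Order(2)` annotations are dropped and nothing visible in this commit registers the class in their place — `ServerConfig` adds a `FilterRegistrationBean` only for `XssFilter` — so unless `SecurityConfig` adds `CorsFilter` to the chain elsewhere, the filter silently stops running and the "CorsFilter init" log line simply never appears. If it is meant to stay a servlet filter, register it the same way as `XssFilter`, with an order that places it before Spring Security's filter chain so the `OPTIONS` short-circuit is reached before authentication; if it is instead added to the security chain, a class comment saying so would help the next reader. Two smaller points: `doFilterInternal` widens the superclass's `protected` method to `public`, which compiles but is unusual — `protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)` matches `OncePerRequestFilter`; and the preflight reply uses `SC_ACCEPTED` (202), where `SC_NO_CONTENT` (204) or `SC_OK` is the conventional preflight status. The class body continues outside the hunk.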

+ 0 - 1
src/main/java/fr/triplea/demovote/security/SecurityConfig.java

@@ -34,7 +34,6 @@ public class SecurityConfig
 {
  
   // TODO: CSRF-TOKEN
-  // TODO: XSS-Filter ne marche plus après l'ajout du CORS-Filter
   // TODO: déconnexion automatique après timeout
 
   @Bean

+ 16 - 0
src/main/java/fr/triplea/demovote/security/ServerConfig.java

@@ -5,14 +5,30 @@ import org.apache.catalina.connector.Connector;
 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
+import fr.triplea.demovote.security.xss.XssFilter;
+
 @Configuration
 public class ServerConfig 
 {
 
+  @Bean
+  public FilterRegistrationBean<XssFilter> loggingFilterRegistration() 
+  {
+    FilterRegistrationBean<XssFilter> registrationBean = new FilterRegistrationBean<>();
+    
+    registrationBean.setFilter(new XssFilter());
+    registrationBean.addUrlPatterns("/*");
+    registrationBean.setOrder(1); 
+    registrationBean.setName("xssFilter");
+        
+    return registrationBean;
+  }
+
   @Bean
   public ServletWebServerFactory servletContainer() 
   {
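Review bot: The bean method name `loggingFilterRegistration` does not describe what it registers — an `XssFilter` whose registration name is set to `"xssFilter"` — so a reader scanning `ServerConfig` for the XSS filter will miss it; `public FilterRegistrationBean<XssFilter> xssFilterRegistration()` would match the name set on the bean. Since this commit also removes the `SecurityConfig` TODO saying the XSS filter stopped working once the CORS filter was added, a one-line comment on the registration recording why explicit registration with `setOrder(1)` resolves that would keep the reason from being lost, e.g. `// registered explicitly (not via @WebFilter) so its position relative to the other filters is deterministic`. With Spring Boot defaults the security filter chain is ordered at -100, so order 1 places `XssFilter` after authentication — fine if intended, but worth stating in that same comment. `XssFilter` still imports `org.springframework.core.annotation.Order`, so if it also still carries a `@WebFilter`/`@Order` annotation it may end up registered twice; I cannot tell from this hunk. `servletContainer()` continues outside the hunk.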

+ 7 - 0
src/main/java/fr/triplea/demovote/security/jwt/JwtTokenFilter.java

@@ -2,6 +2,8 @@ package fr.triplea.demovote.security.jwt;
 
 import java.io.IOException;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -21,6 +23,8 @@ import jakarta.servlet.http.HttpServletResponse;
 
 public class JwtTokenFilter extends OncePerRequestFilter
 {
+
+  private final Logger LOG = LoggerFactory.getLogger(JwtTokenFilter.class);
   
   @Autowired
   private JwtTokenUtil jwtTokenUtil;
@@ -28,6 +32,8 @@ public class JwtTokenFilter extends OncePerRequestFilter
   @Autowired
   private MyUserDetailsService userDetailsService;
   
+  public JwtTokenFilter() { LOG.info("JwtTokenFilter init"); }
+
   @Override
   protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException 
   {
@@ -63,4 +69,5 @@ public class JwtTokenFilter extends OncePerRequestFilter
     
     return null;
   }
+  
 }
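Review bot: The new logger at the top of the class, `private final Logger LOG = LoggerFactory.getLogger(JwtTokenFilter.class);`, is an instance field named like a constant; one logger per instance is wasteful and the usual form is `private static final Logger LOG = LoggerFactory.getLogger(JwtTokenFilter.class);` (or lowercase `log`). The same applies to the field added to `XssFilter` in this commit and to the existing one in `CorsFilter`. Logging from the constructor (`"JwtTokenFilter init"`) fires on every instantiation rather than on filter initialization; if the intent is to trace wiring once, `initFilterBean()` from `GenericFilterBean` is the hook for an `OncePerRequestFilter`. `doFilterInternal` and the rest of the class lie outside these hunks.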

+ 6 - 0
src/main/java/fr/triplea/demovote/security/xss/XssFilter.java

@@ -2,6 +2,8 @@ package fr.triplea.demovote.security.xss;
 
 import java.io.IOException;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.core.annotation.Order;
 
 import jakarta.servlet.Filter;
@@ -17,6 +19,10 @@ import jakarta.servlet.http.HttpServletRequest;
 public class XssFilter implements Filter 
 {
   
+  private final Logger LOG = LoggerFactory.getLogger(XssFilter.class);
+
+  public XssFilter() { LOG.info("XssFilter init"); }
+
   @Override
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException 
   {