diff --git a/gxspringboot/src/main/java/com/genexus/springboot/GXConfig.java b/gxspringboot/src/main/java/com/genexus/springboot/GXConfig.java
index ae148c82a..e2df744a2 100644
--- a/gxspringboot/src/main/java/com/genexus/springboot/GXConfig.java
+++ b/gxspringboot/src/main/java/com/genexus/springboot/GXConfig.java
@@ -4,10 +4,12 @@ import com.genexus.common.interfaces.SpecificImplementation;
import com.genexus.diagnostics.core.ILogger;
import com.genexus.diagnostics.core.LogManager;
+import com.genexus.filters.SessionFilter;
import com.genexus.servlet.CorsFilter;
import com.genexus.xml.GXXMLSerializable;
import jakarta.annotation.PreDestroy;
+import jakarta.servlet.DispatcherType;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.servlet.ServletContainer;
import org.glassfish.jersey.servlet.ServletProperties;
@@ -92,6 +94,24 @@ public FilterRegistrationBean urlRewriteFilter() {
return registrationBean;
}
+ @Bean
+ public FilterRegistrationBean sessionFilter() {
+ FilterRegistrationBean registration =
+ new FilterRegistrationBean<>();
+
+ registration.setFilter(new SessionFilter());
+ registration.setName("session-filter");
+ registration.addUrlPatterns("/*");
+ registration.setOrder(Ordered.HIGHEST_PRECEDENCE + 2);
+
+ registration.setDispatcherTypes(
+ DispatcherType.REQUEST,
+ DispatcherType.FORWARD
+ );
+
+ return registration;
+ }
+
@Bean
public ServletContextInitializer jerseyFilter() {
Set> rrcs = JaxrsResourcesHolder.getAll();
diff --git a/java/src/main/java/com/genexus/filters/SecureCookieHttpServletResponseWrapper.java b/java/src/main/java/com/genexus/filters/SecureCookieHttpServletResponseWrapper.java
index f95efff2c..f51af6f7d 100644
--- a/java/src/main/java/com/genexus/filters/SecureCookieHttpServletResponseWrapper.java
+++ b/java/src/main/java/com/genexus/filters/SecureCookieHttpServletResponseWrapper.java
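Review bot: Nothing in this registration calls SessionFilter's own `init(Map headers, String path, String sessionCookieName…)` overload, visible as context in the SessionFilter hunk of this same diff, so if that is where the session cookie name is configured the Spring Boot path runs the filter default-constructed — confirm it behaves without that call. The dispatcher set omits `DispatcherType.ERROR`, so a session cookie first created while an error page renders is emitted without the Secure attribute this filter exists to add; if that path matters, `registration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.ERROR)`. `Ordered.HIGHEST_PRECEDENCE + 2` is only meaningful relative to the orders of urlRewriteFilter and the CORS filter, both outside the hunk; a one-line comment naming which registered filters this one must run after would keep the constant from drifting.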
@@ -18,12 +18,22 @@ public SecureCookieHttpServletResponseWrapper(IHttpServletResponse response, Str
}
@Override
public void addCookie(ICookie cookie) {
- if (!cookie.getSecure() && cookie.getName().toLowerCase()==cookieId){
+ if (!cookie.getSecure() && cookie.getName().toLowerCase().equals(cookieId)){
cookie.setSecure(true);
}
super.addCookie(cookie);
}
+ @Override
+ public void addHeader(String name, String value) {
+ if (name.equalsIgnoreCase("Set-Cookie") && value.toLowerCase().startsWith(cookieId.toLowerCase() + "=")) {
+ if (!value.toLowerCase().contains("secure")) {
+ value += "; Secure";
+ }
+ }
+ super.addHeader(name, value);
+ }
+
public IServletOutputStream getWrapperOutputStream() throws IOException {
return response.getOutputStream();
}
diff --git a/java/src/main/java/com/genexus/filters/SessionFilter.java b/java/src/main/java/com/genexus/filters/SessionFilter.java
index dbf131ba8..1a43a7472 100644
--- a/java/src/main/java/com/genexus/filters/SessionFilter.java
+++ b/java/src/main/java/com/genexus/filters/SessionFilter.java
@@ -3,6 +3,7 @@ import java.util.Arrays;
import java.util.Map;
+import com.genexus.WrapperUtils;
import com.genexus.servlet.*;
import com.genexus.servlet.http.*;
@@ -19,12 +20,7 @@ public void init(Map headers, String path, String sessionCookieN
public void doFilter(IServletRequest request, IServletResponse response, IFilterChain chain) throws Exception {
IHttpServletRequest req = request.getHttpServletRequest();
IHttpServletResponse res = response.getHttpServletResponse();
- ICookie session=null;
- ICookie[] allCookies = req.getCookies();
- if (allCookies != null) {
- session = Arrays.stream(allCookies).filter(x -> x.getName().equals(JSESSIONID)).findFirst().orElse(null);
- }
- if (session!=null && req.isSecure() && !session.getSecure())
+ if (WrapperUtils.isSecureConnection(req))
{
chain.doFilter(request, new SecureCookieHttpServletResponseWrapper(res, JSESSIONID));
}
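Review bot: The corrected addCookie comparison still lowercases only one side — `cookie.getName().toLowerCase().equals(cookieId)` — so unless the constructor (outside the hunk) lowercases cookieId, a wrapper built with `JSESSIONID` as SessionFilter does never matches and the cookie object is never marked Secure; `cookie.getName().equalsIgnoreCase(cookieId)` is the intended check and matches the case-insensitive handling addHeader uses. In addHeader, `value.toLowerCase().contains("secure")` is a substring test over the whole header, so a cookie whose value or Path contains "secure" (e.g. `Path=/secure`) is taken as already flagged and left without the attribute; split the value on `;`, trim each attribute and compare it with `equalsIgnoreCase("Secure")` instead. Only addHeader is overridden, not setHeader, so a Set-Cookie written through setHeader would bypass both checks if anything routes it that way — worth confirming against the wrapped response.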
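Review bot: With the stream-based cookie lookup removed, `java.util.Arrays` (imported at the top of this file, shown as context in the preceding hunk) appears to have no remaining use in SessionFilter; drop `import java.util.Arrays;` unless code outside the hunks still needs it. The wrap decision now rests on `WrapperUtils.isSecureConnection`, which also accepts client-suppliable X-Forwarded-* headers, so over plain HTTP with no proxy scrubbing them a client that sends `X-Forwarded-Proto: https` gets its session cookie marked Secure, and modern browsers generally refuse to store a Secure cookie set over http, leaving that client unable to keep a session. That is acceptable only under a deployment assumption the code does not state; record it on the condition, e.g. `// assumes any X-Forwarded-* headers were set by a trusted reverse proxy, not the client`. The else branch of doFilter lies outside the hunk.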
diff --git a/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java b/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
index 23fef2fe5..dd4faa2f3 100644
--- a/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
+++ b/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
@@ -1005,9 +1005,8 @@ public String getScriptPath() {
}
public int getHttpSecure() {
- String protocol = getHeader("X-Forwarded-Proto");
- if (protocol != null && !protocol.equals("")) {
- return protocol.equalsIgnoreCase("https") ? 1 : 0;
+ if (WrapperUtils.isSecureConnection(request)) {
+ return 1;
}
String serverProtocolProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_PROTOCOL", "");
if (!StringUtils.isBlank(serverProtocolProperty)) {
diff --git a/wrappercommon/src/main/java/com/genexus/WrapperUtils.java b/wrappercommon/src/main/java/com/genexus/WrapperUtils.java
index 05173db5a..dcb31b99d 100644
--- a/wrappercommon/src/main/java/com/genexus/WrapperUtils.java
+++ b/wrappercommon/src/main/java/com/genexus/WrapperUtils.java
@@ -7,6 +7,7 @@ import java.util.stream.Collectors;
import com.genexus.opentelemetry.OpenTelemetryHelper;
+import com.genexus.servlet.http.IHttpServletRequest;
import org.json.JSONException;
import com.genexus.json.JSONObjectWrapper;
import org.apache.commons.io.IOUtils;
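Review bot: The new branch silently changes the negative case: the removed code returned 0 as soon as a non-empty `X-Forwarded-Proto` was anything other than `https`, whereas now such a request falls through to the `SERVER_PROTOCOL` preference below, so a proxy explicitly reporting `http` can still yield 1 if that preference says https. If the fall-through is not intended, keep the explicit-header short-circuit right after the secure check: `String proto = getHeader("X-Forwarded-Proto"); if (proto != null && !proto.isEmpty()) { return 0; }`. Either way a comment on the method stating the precedence (TLS or proxy header, then configured protocol) would make the contract visible. The rest of getHttpSecure continues outside the hunk.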
@@ -56,4 +57,15 @@ public static InputStream storeRestRequestBody(InputStream is) throws IOExceptio
return IOUtils.toInputStream(body, "UTF-8");
}
+
+ public static boolean isSecureConnection(IHttpServletRequest req) {
+ return req.isSecure() ||
+ "https".equalsIgnoreCase(req.getHeader("X-Forwarded-Proto")) ||
+ "on".equalsIgnoreCase(req.getHeader("X-Forwarded-Ssl")) ||
+ "1".equals(req.getHeader("X-Forwarded-Ssl")) ||
+ "true".equalsIgnoreCase(req.getHeader("X-Forwarded-Ssl")) ||
+ "https".equalsIgnoreCase(req.getHeader("X-Forwarded-Scheme")) ||
+ "on".equalsIgnoreCase(req.getHeader("Front-End-Https")) ||
+ "https".equalsIgnoreCase(req.getHeader("X-Url-Scheme"));
}
\ No newline at end of file
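Review bot: `isSecureConnection` trusts all seven forwarding headers unconditionally and nothing ties that trust to a known proxy, so any client that reaches the container directly — or through a proxy that does not overwrite them — flips the result to true with a single `X-Forwarded-Proto: https`, and both call sites in this diff (the Secure-cookie wrapper in SessionFilter and `getHttpSecure`) then act on a client-chosen value. HttpContextWeb already trusted `X-Forwarded-Proto`, but the helper widens this to `X-Forwarded-Ssl`, `X-Forwarded-Scheme`, `Front-End-Https` and `X-Url-Scheme`, which most proxies never sanitize. Prefer letting the container validate the proxy and set `req.isSecure()` (Tomcat's RemoteIpValve or Spring's ForwardedHeaderFilter do this against a trusted-proxy list) and make the header fallback opt-in as sketched below; `X-Forwarded-Proto` can also be a comma-separated list behind chained proxies, which the exact `equalsIgnoreCase` never matches. The method has no javadoc and should state the trust assumption, e.g. `/** True if the request arrived over TLS, or a reverse proxy reports that it did. Trust the header branch only behind a proxy that overwrites these headers. */`.
```java
public static boolean isSecureConnection(IHttpServletRequest req) {
    return isSecureConnection(req, true); // existing callers keep current behaviour; new callers should pass a configured flag
}

public static boolean isSecureConnection(IHttpServletRequest req, boolean trustForwardedHeaders) {
    if (req.isSecure()) {
        return true;
    }
    if (!trustForwardedHeaders) {
        return false;
    }
    return "https".equalsIgnoreCase(firstValue(req.getHeader("X-Forwarded-Proto"))) ||
        // … unchanged: X-Forwarded-Ssl / X-Forwarded-Scheme / Front-End-Https / X-Url-Scheme checks …
        "https".equalsIgnoreCase(req.getHeader("X-Url-Scheme"));
}

/** First element of a possibly comma-separated header value, trimmed; null when the header is absent. */
private static String firstValue(String header) {
    if (header == null) {
        return null;
    }
    int comma = header.indexOf(',');
    return (comma < 0 ? header : header.substring(0, comma)).trim();
}
```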