skip original filter if the previous filter is already commited (MID-…

…7081)
Evolveum · Jun 29, 2021 · 018466f · 018466f
1 parent 07e17f9
commit 018466f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/...i/src/main/java/com/evolveum/midpoint/web/security/MidPointGuiAuthorizationEvaluator.java b/...i/src/main/java/com/evolveum/midpoint/web/security/MidPointGuiAuthorizationEvaluator.java
@@ -11,6 +11,8 @@
 import java.util.List;
 import java.util.Map;
 
+import com.evolveum.midpoint.web.security.module.configuration.ModuleWebSecurityConfigurationImpl;
+
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.access.AccessDecisionManager;
@@ -47,6 +49,8 @@ public class MidPointGuiAuthorizationEvaluator implements SecurityEnforcer, Secu
 
     private static final Trace LOGGER = TraceManager.getTrace(MidPointGuiAuthorizationEvaluator.class);
 
+    private final String authUrl = "/" + ModuleWebSecurityConfigurationImpl.DEFAULT_PREFIX_OF_MODULE + "/*";
+
     private final SecurityEnforcer securityEnforcer;
     private final SecurityContextManager securityContextManager;
     private final TaskManager taskManager;
@@ -254,6 +258,10 @@ protected void decideInternal(MidPointPrincipal principal, List<String> required
     }
 
     private boolean isPermitAll(FilterInvocation filterInvocation) {
+        if (filterInvocation.getResponse().isCommitted()
+                && new AntPathRequestMatcher(authUrl).matches(filterInvocation.getRequest())) {
+            return true;
+        }
         for (String url : DescriptorLoader.getPermitAllUrls()) {
             AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
             if (matcher.matches(filterInvocation.getRequest())) {

diff --git a/...admin-gui/src/main/java/com/evolveum/midpoint/web/security/filter/MidpointAuthFilter.java b/...admin-gui/src/main/java/com/evolveum/midpoint/web/security/filter/MidpointAuthFilter.java
@@ -396,13 +396,11 @@ public void doFilter(ServletRequest request, ServletResponse response)
                     LOGGER.debug(UrlUtils.buildRequestUrl((HttpServletRequest) request)
                             + " reached end of additional filter chain; proceeding with original chain, if url is permit all");
                 }
-
-//                MidpointAuthentication mpAuthentication = (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
-//                //authentication pages (login, select ID for saml ...) during processing of modules
-//                if (AuthUtil.isPermitAll((HttpServletRequest) request) && mpAuthentication != null && mpAuthentication.isProcessing()) {
-//                    originalChain.doFilter(request, response);
-//                    return;
-//                }
+                // If the previous filter has already returned a response, skip the original filter
+                // to prevent duplicate response writes
+                if (response.isCommitted()) {
+                    return;
+                }
                 originalChain.doFilter(request, response);
             } else {
                 currentPosition++;