diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
index 148f1875..943e8e4a 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
@@ -42,6 +42,10 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
+import org.springframework.security.web.util.matcher.OrRequestMatcher;
+
+import java.util.List;
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.HttpMethod.POST;
@@ -116,6 +120,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .requestMatchers(new AntPathRequestMatcher("/error")).permitAll() ).oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwt -> jwt.jwtAuthenticationConverter(new CustomAuthenticationConverter(securityConfigProperties.clientId()))))
+ .securityMatcher(new NegatedRequestMatcher( new OrRequestMatcher(
+ List.of(
+ new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_IATP),
+ new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_IATP_WORKAROUND)))))
 .addFilterAfter(new PresentationIatpFilter(validationService), BasicAuthenticationFilter.class);
 return http.build();
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java
index e5101f11..be219de2 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java
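Review bot: The `.securityMatcher(new NegatedRequestMatcher(...))` call scopes the whole `SecurityFilterChain`, so requests to `RestURI.API_PRESENTATIONS_IATP` and `RestURI.API_PRESENTATIONS_IATP_WORKAROUND` no longer match this chain, and `PresentationIatpFilter`, which the next line attaches to the same chain, would not be invoked for them. Unless that filter is also registered outside Spring Security or another chain covers these paths (neither is visible in this hunk), token validation for the two endpoints rests on whatever the controller does, and they lose the chain's other filters as well. A separate chain restricted to the two paths and carrying only the IATP filter would keep the resource-server JWT filter away from them without taking them out of Spring Security; a sketch follows. `filterChain` begins before the hunk, so its CSRF and session settings are not visible and would have to be mirrored by hand.

```java
@Bean
public SecurityFilterChain iatpFilterChain(HttpSecurity http) throws Exception {
    http.securityMatcher(new OrRequestMatcher(List.of(
                    new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_IATP),
                    new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_IATP_WORKAROUND))))
            // … mirror the csrf/session settings of filterChain (outside the hunk) …
            // PresentationIatpFilter is the only authentication step here and must reject by itself
            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
            .addFilterAfter(new PresentationIatpFilter(validationService), BasicAuthenticationFilter.class);
    return http.build();
}
// … unchanged: filterChain keeps the negated securityMatcher; its addFilterAfter(...) line moves to the chain above …
```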
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java
@@ -76,6 +76,14 @@ public static Optional getAccessToken(JWTClaimsSet claims) {
 }
 public static SignedJWT getAccessToken(String outerToken) {
+
+ // in the history of tractus-x sometimes the header contains a bearer, sometimes not.
+ // as it is not possible to fix this wrong behavior over all applications
+ // we added this mitigation here (not good, we know..).
+ if (outerToken.startsWith("Bearer ")) {
+ outerToken = outerToken.substring("Bearer ".length());
+ }
+
 SignedJWT jwtOuter = parseToken(outerToken);
 JWTClaimsSet claimsSet = getClaimsSet(jwtOuter);
 Optional accessToken = getAccessToken(claimsSet);
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
index 44317ee0..0bbfeeec 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
@@ -148,7 +148,7 @@ public void testPresentationQueryWithToken() {
 final Map data2 = MAPPER.readValue(message2, Map.class);
 final HttpHeaders headers2 = new HttpHeaders();
- headers2.set(HttpHeaders.AUTHORIZATION, jwt);
+ headers2.set(HttpHeaders.AUTHORIZATION, "Bearer " + jwt);
 final HttpEntity> entity2 = new HttpEntity<>(data2, headers2);
 var result2 = restTemplate .postForEntity(RestURI.API_PRESENTATIONS_IATP, entity2, String.class);
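Review bot: The prefix check added at the top of `getAccessToken(String)` is an exact, case-sensitive match on `"Bearer "`, but HTTP auth scheme names are case-insensitive, so a value such as `bearer <jwt>` or one with extra whitespace still reaches `parseToken` with the prefix attached. A null `outerToken` (header absent) also fails at `startsWith` with a NullPointerException instead of a controlled rejection, so an explicit null check before the branch is worth adding. For the match itself, `if (outerToken.regionMatches(true, 0, "Bearer ", 0, 7)) { outerToken = outerToken.substring(7).trim(); }` would accept any casing of the scheme. Because the stripping lives only in this helper, any other code that reads the same Authorization value, for instance the validation step, presumably needs identical normalisation, otherwise the validated string and the parsed one can differ; doing it once where the header is first read avoids that. The method body continues past the end of the hunk.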
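Review bot: With the header switched to `"Bearer " + jwt`, the request in `testPresentationQueryWithToken` covers only the prefixed form, so the bare-token form that the new branch in `TokenParsingUtils.getAccessToken` still accepts is, as far as this hunk shows, no longer exercised. A second request using `headers2.set(HttpHeaders.AUTHORIZATION, jwt);` would keep both accepted forms pinned. A negative case is worth adding too: a POST to `RestURI.API_PRESENTATIONS_IATP` with no Authorization header, or with an invalid token, should be asserted to be rejected, which would also catch the endpoint ending up outside the security filter chain. The test method starts before and ends after the hunk.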