Merge branch 'release/0.8.8'

.gitignore

@@ -1,3 +1,6 @@
 /target/
 application.yml
 logs
+
+.idea
+*.iml

LICENSE_HEADER

@@ -1,6 +1,6 @@
 ContainerProxy
 
-Copyright (C) 2016-2020 Open Analytics
+Copyright (C) 2016-2021 Open Analytics
 
 ===========================================================================
 

README.md

@@ -1,10 +1,10 @@
 <pre>
-       ____            _        _                 ____                      
-      / ___|___  _ __ | |_ __ _(_)_ __   ___ _ __|  _ \ _ __ _____  ___   _ 
+       ____            _        _                 ____
+      / ___|___  _ __ | |_ __ _(_)_ __   ___ _ __|  _ \ _ __ _____  ___   _
      | |   / _ \| '_ \| __/ _` | | '_ \ / _ \ '__| |_) | '__/ _ \ \/ / | | |
      | |__| (_) | | | | || (_| | | | | |  __/ |  |  __/| | | (_) >  <| |_| |
       \____\___/|_| |_|\__\__,_|_|_| |_|\___|_|  |_|   |_|  \___/_/\_\\__, |
-                                                                       |___/ 
+                                                                       |___/
 
 </pre>
 
@@ -18,7 +18,7 @@ It is the engine that powers a.o. [ShinyProxy](https://shinyproxy.io) but can be
 
 Learn more at https://containerproxy.io (in progress)
 
-#### (c) Copyright Open Analytics NV, 2017-2020 - Apache License 2.0
+#### (c) Copyright Open Analytics NV, 2017-2021 - Apache License 2.0
 
 ## Building from source
 

doc/api/containerproxy-rest.html

@@ -2,7 +2,7 @@
 
     ContainerProxy
 
-    Copyright (C) 2016-2020 Open Analytics
+    Copyright (C) 2016-2021 Open Analytics
 
     ===========================================================================
 

pom.xml

@@ -5,14 +5,14 @@
 
 	<groupId>eu.openanalytics</groupId>
 	<artifactId>containerproxy</artifactId>
-	<version>0.8.7</version>
+	<version>0.8.8</version>
 	<name>ContainerProxy</name>
 	<packaging>jar</packaging>
 
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-                <version>2.3.3.RELEASE</version>
+                <version>2.3.4.RELEASE</version>
 		<relativePath />
 	</parent>
 
@@ -239,8 +239,15 @@
 			<groupId>mysql</groupId>
 			<artifactId>mysql-connector-java</artifactId>
 		</dependency>
-
-
+
+		<dependency>
+			<groupId>io.micrometer</groupId>
+			<artifactId>micrometer-registry-prometheus</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>io.micrometer</groupId>
+			<artifactId>micrometer-registry-influx</artifactId>
+		</dependency>
 
 		<!-- Kubernetes -->
 		<dependency>
@@ -252,8 +259,7 @@
 		<!-- UI frameworks -->
 		<dependency>
 			<groupId>org.thymeleaf.extras</groupId>
-			<artifactId>thymeleaf-extras-springsecurity4</artifactId>
-			<version>3.0.2.RELEASE</version>
+			<artifactId>thymeleaf-extras-springsecurity5</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.webjars</groupId>

src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java

@@ -1,7 +1,7 @@
 /**
  * ContainerProxy
  *
- * Copyright (C) 2016-2020 Open Analytics
+ * Copyright (C) 2016-2021 Open Analytics
  *
  * ===========================================================================
  *
@@ -31,14 +31,20 @@
 import org.springframework.boot.actuate.health.HealthIndicator;
 import org.springframework.boot.actuate.redis.RedisHealthIndicator;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
 import org.springframework.boot.web.server.PortInUseException;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.core.env.Environment;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
-import org.springframework.session.data.redis.config.ConfigureRedisAction;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.web.session.HttpSessionEventPublisher;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+import org.springframework.session.security.SpringSessionBackedSessionRegistry;
 import org.springframework.web.filter.FormContentFilter;
 
 import javax.annotation.PostConstruct;
@@ -62,6 +68,9 @@ public class ContainerProxyApplication {
 	@Inject
 	private ProxyMappingManager mappingManager;
 
+	@Inject
+	private DefaultCookieSerializer defaultCookieSerializer;
+
 	private final Logger log = LogManager.getLogger(getClass());
 
 	public static void main(String[] args) {
@@ -86,8 +95,12 @@ public static void main(String[] args) {
 	@PostConstruct
 	public void init() {
 		if (environment.getProperty("server.use-forward-headers") != null) {
-			log.warn("WARNING: Using server.use-forward-headers will not work in this ShinyProxy release. See https://shinyproxy.io/documentation/security/#https-ssl--tls on how to change your configuration.");
+			log.warn("WARNING: Using server.use-forward-headers will not work in this ShinyProxy release, you need to change your configuration to use another property. See https://shinyproxy.io/documentation/security/#forward-headers on how to change your configuration.");
 		}
+
+		String sameSiteCookie = environment.getProperty("proxy.same-site-cookie", "Lax");
+		log.debug("Setting sameSiteCookie policy to {}" , sameSiteCookie);
+		defaultCookieSerializer.setSameSite(sameSiteCookie);
 	}
 
 	@Bean
@@ -134,16 +147,6 @@ public JSR353Module jsr353Module() {
 		return new JSR353Module();
 	}
 
-	/**
-	 * Compatibility with AWS ElastiCache
-	 *
-	 * @return
-	 */
-	@Bean
-	public static ConfigureRedisAction configureRedisAction() {
-		return ConfigureRedisAction.NO_OP;
-	}
-
 	@Bean
 	public HealthIndicator redisSessionHealthIndicator(RedisConnectionFactory rdeRedisConnectionFactory) {
 		if (Objects.equals(environment.getProperty("spring.session.store-type"), "redis")) {
@@ -166,11 +169,27 @@ public Health health() {
 		}
 	}
 
+	/**
+	 * This Bean ensures that User Session are properly expired when using Redis for session storage.
+	 */
+	@Bean
+	@ConditionalOnProperty(name = "spring.session.store-type", havingValue = "redis")
+	public <S extends Session> SessionRegistry sessionRegistry(FindByIndexNameSessionRepository<S> sessionRepository) {
+		return new SpringSessionBackedSessionRegistry<S>(sessionRepository);
+	}
+
+	@Bean
+	public HttpSessionEventPublisher httpSessionEventPublisher() {
+		return new HttpSessionEventPublisher();
+	}
+
 	private static void setDefaultProperties(SpringApplication app) {
 		Properties properties = new Properties();
 
 		// use in-memory session storage by default. Can be overwritten in application.yml
 		properties.put("spring.session.store-type", "none");
+		// required for proper working of the SP_USER_INITIATED_LOGOUT session attribute in the UserService
+		properties.put("spring.session.redis.flush-mode", "IMMEDIATE");
 
 		// disable multi-part handling by Spring. We don't need this anywhere in the application.
 		// When enabled this will cause problems when proxying file-uploads to the shiny apps.
@@ -181,6 +200,22 @@ private static void setDefaultProperties(SpringApplication app) {
 
 		properties.put("spring.application.name", "ContainerProxy");
 
+		// Metrics configuration
+		// ====================
+
+		// disable all supported exporters by default
+		// Note: if we upgrade to Spring Boot 2.4.0 we can use properties.put("management.metrics.export.defaults.enabled", "false");
+		properties.put("management.metrics.export.prometheus.enabled", "false");
+		properties.put("management.metrics.export.influx.enabled", "false");
+		// set actuator to port 9090 (can be overwritten)
+		properties.put("management.server.port", "9090");
+		// enable prometheus endpoint by default (but not the exporter)
+		properties.put("management.endpoint.prometheus.enabled", "true");
+		// include prometheus and health endpoint in exposure
+		properties.put("management.endpoints.web.exposure.include", "health,prometheus");
+
+		// ====================
+
 		// Health configuration
 		// ====================
 
@@ -190,7 +225,7 @@ private static void setDefaultProperties(SpringApplication app) {
 		properties.put("management.health.ldap.enabled", false);
 		// disable default redis health endpoint since it's managed by redisSession
 		properties.put("management.health.redis.enabled", "false");
-		// enable Kubernetes porobes
+		// enable Kubernetes probes
 		properties.put("management.endpoint.health.probes.enabled", true);
 
 		// ====================

src/main/java/eu/openanalytics/containerproxy/ContainerProxyException.java

@@ -1,7 +1,7 @@
 /**
  * ContainerProxy
  *
- * Copyright (C) 2016-2020 Open Analytics
+ * Copyright (C) 2016-2021 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/api/BaseController.java

@@ -1,7 +1,7 @@
 /**
  * ContainerProxy
  *
- * Copyright (C) 2016-2020 Open Analytics
+ * Copyright (C) 2016-2021 Open Analytics
  *
  * ===========================================================================
  *
@@ -20,14 +20,32 @@
  */
 package eu.openanalytics.containerproxy.api;
 
+import org.springframework.core.env.Environment;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
 public class BaseController {
 
+	@Inject
+	private Environment environment;
+
+	protected void prepareMap(ModelMap map) {
+		map.put("title", environment.getProperty("proxy.title", "ShinyProxy"));
+		map.put("bootstrapCss", "/webjars/bootstrap/3.4.1/css/bootstrap.min.css");
+		map.put("bootstrapJs", "/webjars/bootstrap/3.4.1/js/bootstrap.min.js");
+		map.put("jqueryJs", "/webjars/jquery/3.5.0/jquery.min.js");
+	}
+
 	public static class NotFoundException extends RuntimeException {
 
 		private static final long serialVersionUID = 2042632906716154791L;

src/main/java/eu/openanalytics/containerproxy/api/ProxyController.java

@@ -1,7 +1,7 @@
 /**
  * ContainerProxy
  *
- * Copyright (C) 2016-2020 Open Analytics
+ * Copyright (C) 2016-2021 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/api/ProxyRouteController.java

@@ -1,7 +1,7 @@
 /**
  * ContainerProxy
  *
- * Copyright (C) 2016-2020 Open Analytics
+ * Copyright (C) 2016-2021 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/auth/AuthenticationBackendFactory.java

@@ -1,7 +1,7 @@
 /**
  * ContainerProxy
  *
- * Copyright (C) 2016-2020 Open Analytics
+ * Copyright (C) 2016-2021 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/auth/IAuthenticationBackend.java

@@ -1,7 +1,7 @@
 /**
  * ContainerProxy
  *
- * Copyright (C) 2016-2020 Open Analytics
+ * Copyright (C) 2016-2021 Open Analytics
  *
  * ===========================================================================
  *
@@ -59,7 +59,11 @@ public interface IAuthenticationBackend {
 	public default String getLogoutSuccessURL() {
 		return "/login";
 	}
-
+
+	public default String getLogoutURL() {
+		return "/logout";
+	}
+
 	public default void customizeContainer(ContainerSpec spec) {
 		// Default: do nothing.
 	}

src/main/java/eu/openanalytics/containerproxy/auth/UserLogoutHandler.java

@@ -1,7 +1,7 @@
 /**
  * ContainerProxy
  *
- * Copyright (C) 2016-2020 Open Analytics
+ * Copyright (C) 2016-2021 Open Analytics
  *
  * ===========================================================================
  *
@@ -35,7 +35,7 @@ public class UserLogoutHandler implements LogoutHandler {
 
 	@Inject
 	private UserService userService;
-	
+
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		userService.logout(authentication);