Fix #1668: Add configuration to disable websockets (#1669) (#1676)

wultra · Jul 31, 2024 · c5c4cd9 · c5c4cd9
1 parent 5b659d6
commit c5c4cd9
Show file tree

Hide file tree

Showing 14 changed files with 235 additions and 36 deletions.
diff --git a/...me/security/powerauth/lib/webflow/authentication/mtoken/controller/MessageController.java b/...me/security/powerauth/lib/webflow/authentication/mtoken/controller/MessageController.java
@@ -18,8 +18,9 @@
 package io.getlime.security.powerauth.lib.webflow.authentication.mtoken.controller;
 
 import io.getlime.security.powerauth.lib.webflow.authentication.model.request.WebSocketRegistrationRequest;
-import io.getlime.security.powerauth.lib.webflow.authentication.service.WebSocketMessageService;
+import io.getlime.security.powerauth.lib.webflow.authentication.service.websocket.WebSocketMessageService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.messaging.handler.annotation.MessageMapping;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.stereotype.Controller;
@@ -30,6 +31,7 @@
  * @author Roman Strobl
  */
 @Controller
+@ConditionalOnProperty(name = "powerauth.webflow.websockets.enabled", havingValue = "true")
 public class MessageController {
 
  private final WebSocketMessageService webSocketMessageService;

diff --git a/...curity/powerauth/lib/webflow/authentication/mtoken/controller/MobileAppApiController.java b/...curity/powerauth/lib/webflow/authentication/mtoken/controller/MobileAppApiController.java
@@ -55,7 +55,7 @@
 import io.getlime.security.powerauth.lib.webflow.authentication.mtoken.model.response.MobileTokenAuthenticationResponse;
 import io.getlime.security.powerauth.lib.webflow.authentication.service.AuthMethodQueryService;
 import io.getlime.security.powerauth.lib.webflow.authentication.service.PowerAuthOperationService;
-import io.getlime.security.powerauth.lib.webflow.authentication.service.WebSocketMessageService;
+import io.getlime.security.powerauth.lib.webflow.authentication.service.websocket.WebSocketMessageService;
 import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth;
 import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthToken;
 import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthActivation;
@@ -65,6 +65,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -95,6 +96,12 @@ public class MobileAppApiController extends AuthMethodController<MobileTokenAuth
 
  private final FormDataConverter formDataConverter = new FormDataConverter();
 
+ /**
+ * WebSocket support configuration.
+ */
+ @Value("${powerauth.webflow.websockets.enabled:true}")
+ private boolean webSocketSupportEnabled;
+
  /**
  * Controller constructor.
  * @param webSocketMessageService Web Socket message service.
@@ -305,7 +312,9 @@ private Map<String, GetOperationConfigDetailResponse> getOperationConfigs(List<G
  throw new OperationIsAlreadyFailedException("Operation approval has failed");
  }
  final AuthOperationResponse updateOperationResponse = authorize(operationId, userId, operation.getOrganizationId(), authInstruments, authenticationContext, null);
- webSocketMessageService.notifyAuthorizationComplete(operationId, updateOperationResponse.getAuthResult());
+ if (webSocketSupportEnabled) {
+ webSocketMessageService.notifyAuthorizationComplete(operationId, updateOperationResponse.getAuthResult());
+ }
  return new Response();
  } else {
  boolean approvalFailSucceeded = powerAuthOperationService.failApprovalForOperation(operation);
@@ -349,7 +358,7 @@ private Map<String, GetOperationConfigDetailResponse> getOperationConfigs(List<G
  final GetOperationDetailResponse operation = getOperation(operationId);
  boolean rejectSucceeded = powerAuthOperationService.rejectOperation(operation, activationId);
  final UpdateOperationResponse updateOperationResponse = cancelAuthorization(operationId, userId, OperationCancelReason.fromString(request.getRequestObject().getReason()), null, false);
- if (updateOperationResponse != null) {
+ if (webSocketSupportEnabled && updateOperationResponse != null) {
  webSocketMessageService.notifyAuthorizationComplete(operationId, updateOperationResponse.getResult());
  }
  if (!rejectSucceeded) {

diff --git a/...rity/powerauth/lib/webflow/authentication/configuration/WebFlowServicesConfiguration.java b/...rity/powerauth/lib/webflow/authentication/configuration/WebFlowServicesConfiguration.java
@@ -78,6 +78,12 @@ public class WebFlowServicesConfiguration {
  @Value("${powerauth.webflow.pa.operations.enabled}")
  private boolean powerAuthOperationSupportEnabled;
 
+ /**
+ * WebSocket support configuration.
+ */
+ @Value("${powerauth.webflow.websockets.enabled:true}")
+ private boolean webSocketSupportEnabled;
+
  /**
  * Authentication type which configures how username and password is transferred for verification.
  */
@@ -220,6 +226,14 @@ public boolean isPowerAuthOperationSupportEnabled() {
  return powerAuthOperationSupportEnabled;
  }
 
+ /**
+ * Get whether WebSocket support is enabled.
+ * @return Whether WebSocket support is enabled.
+ */
+ public boolean isWebSocketSupportEnabled() {
+ return webSocketSupportEnabled;
+ }
+
  /**
  * Get authentication type which configures how username and password is transferred for verification.
  * @return Authentication type.

diff --git a/...e/security/powerauth/lib/webflow/authentication/listener/WebSocketDisconnectListener.java b/...e/security/powerauth/lib/webflow/authentication/listener/WebSocketDisconnectListener.java
@@ -23,6 +23,7 @@
 import io.getlime.security.powerauth.lib.webflow.authentication.service.OperationCancellationService;
 import io.getlime.security.powerauth.lib.webflow.authentication.service.OperationSessionService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.ApplicationListener;
 import org.springframework.stereotype.Component;
 import org.springframework.web.socket.CloseStatus;
@@ -34,6 +35,7 @@
  * @author Roman Strobl, [email protected]
  */
 @Component
+@ConditionalOnProperty(name = "powerauth.webflow.websockets.enabled", havingValue = "true")
 public class WebSocketDisconnectListener implements ApplicationListener<SessionDisconnectEvent> {
 
  private final OperationSessionService operationSessionService;

diff --git a/...urity/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageService.java b/...urity/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageService.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package io.getlime.security.powerauth.lib.webflow.authentication.service.websocket;
+
+import io.getlime.security.powerauth.lib.nextstep.model.enumeration.AuthResult;
+
+/**
+ * Interface for WebSocket messages.
+ *
+ * @author Roman Strobl, [email protected]
+ */
+public interface WebSocketMessageService {
+
+ /**
+ * Notification of clients about completed authorization.
+ *
+ * @param operationId Operation ID.
+ * @param authResult Authorization result.
+ */
+ void notifyAuthorizationComplete(String operationId, AuthResult authResult);
+
+ /**
+ * Sends a message about successful websocket registration to the user.
+ *
+ * @param operationHash Operation hash.
+ * @param sessionId Session ID.
+ * @param registrationSucceeded Whether Web Socket registration was successful.
+ */
+ void sendRegistrationMessage(String operationHash, String sessionId, boolean registrationSucceeded);
+
+ /**
+ * Get Web Socket session ID for given operation hash.
+ *
+ * @param operationHash Operation hash.
+ * @return Web Socket session ID.
+ */
+ String lookupWebSocketSessionId(String operationHash);
+
+ /**
+ * Store a mapping for new web socket identifier to the Web Socket session with given ID.
+ *
+ * @param operationHash Operation hash.
+ * @param webSocketSessionId Web Socket Session ID.
+ * @param clientIpAddress Remote client IP address.
+ * @return Whether Web Socket registration was successful.
+ */
+ boolean registerWebSocketSession(String operationHash, String webSocketSessionId, String clientIpAddress);
+
+}
diff --git a/.../powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceDummy.java b/.../powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceDummy.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package io.getlime.security.powerauth.lib.webflow.authentication.service.websocket;
+
+import io.getlime.security.powerauth.lib.nextstep.model.enumeration.AuthResult;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Service;
+
+/**
+ * Dummy WebSocket service.
+ *
+ * @author Roman Strobl, [email protected]
+ */
+@Service
+@Slf4j
+@ConditionalOnProperty(name = "powerauth.webflow.websockets.enabled", havingValue = "false", matchIfMissing = true)
+public class WebSocketMessageServiceDummy implements WebSocketMessageService {
+
+ {
+ logger.info("WebSocketMessageServiceDummy was initialized.");
+ }
+
+ @Override
+ public void notifyAuthorizationComplete(String operationId, AuthResult authResult) {
+ }
+
+ @Override
+ public void sendRegistrationMessage(String operationHash, String sessionId, boolean registrationSucceeded) {
+ }
+
+ @Override
+ public String lookupWebSocketSessionId(String operationHash) {
+ return null;
+ }
+
+ @Override
+ public boolean registerWebSocketSession(String operationHash, String webSocketSessionId, String clientIpAddress) {
+ return false;
+ }
+
+}
diff --git a/...tion/service/WebSocketMessageService.java → ...ebsocket/WebSocketMessageServiceImpl.java b/...tion/service/WebSocketMessageService.java → ...ebsocket/WebSocketMessageServiceImpl.java
@@ -14,12 +14,15 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
-package io.getlime.security.powerauth.lib.webflow.authentication.service;
+package io.getlime.security.powerauth.lib.webflow.authentication.service.websocket;
 
 import io.getlime.security.powerauth.lib.nextstep.model.enumeration.AuthResult;
 import io.getlime.security.powerauth.lib.webflow.authentication.model.response.WebSocketAuthorizationResponse;
 import io.getlime.security.powerauth.lib.webflow.authentication.model.response.WebSocketRegistrationResponse;
+import io.getlime.security.powerauth.lib.webflow.authentication.service.OperationSessionService;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.messaging.MessageHeaders;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.messaging.simp.SimpMessageType;
@@ -33,7 +36,9 @@
  * @author Petr Dvorak, [email protected]
  */
 @Service
-public class WebSocketMessageService {
+@Slf4j
+@ConditionalOnProperty(name = "powerauth.webflow.websockets.enabled", havingValue = "true")
+public class WebSocketMessageServiceImpl implements WebSocketMessageService {
 
  private final SimpMessagingTemplate websocket;
  private final OperationSessionService operationSessionService;
@@ -44,9 +49,10 @@ public class WebSocketMessageService {
  * @param operationSessionService Operation to session mapping service.
  */
  @Autowired
- public WebSocketMessageService(SimpMessagingTemplate websocket, OperationSessionService operationSessionService) {
+ public WebSocketMessageServiceImpl(SimpMessagingTemplate websocket, OperationSessionService operationSessionService) {
  this.websocket = websocket;
  this.operationSessionService = operationSessionService;
+ logger.info("WebSocketMessageServiceImpl was initialized.");
  }
 
  /**
@@ -62,12 +68,7 @@ private MessageHeaders createHeaders(String webSocketSessionId) {
  return headerAccessor.getMessageHeaders();
  }
 
- /**
- * Notification of clients about completed authorization.
- *
- * @param operationId Operation ID.
- * @param authResult Authorization result.
- */
+ @Override
  public void notifyAuthorizationComplete(String operationId, AuthResult authResult) {
  final String webSocketId = operationSessionService.generateOperationHash(operationId);
  final String sessionId = lookupWebSocketSessionId(webSocketId);
@@ -79,38 +80,20 @@ public void notifyAuthorizationComplete(String operationId, AuthResult authResul
  }
  }
 
- /**
- * Sends a message about successful websocket registration to the user.
- *
- * @param operationHash Operation hash.
- * @param sessionId Session ID.
- * @param registrationSucceeded Whether Web Socket registration was successful.
- */
+ @Override
  public void sendRegistrationMessage(String operationHash, String sessionId, boolean registrationSucceeded) {
  WebSocketRegistrationResponse registrationResponse = new WebSocketRegistrationResponse();
  registrationResponse.setWebSocketId(operationHash);
  registrationResponse.setRegistrationSucceeded(registrationSucceeded);
  websocket.convertAndSendToUser(sessionId, "/topic/registration", registrationResponse, createHeaders(sessionId));
  }
 
- /**
- * Get Web Socket session ID for given operation hash.
- *
- * @param operationHash Operation hash.
- * @return Web Socket session ID.
- */
+ @Override
  public String lookupWebSocketSessionId(String operationHash) {
  return operationSessionService.lookupWebSocketSessionIdByOperationHash(operationHash);
  }
 
- /**
- * Store a mapping for new web socket identifier to the Web Socket session with given ID.
- *
- * @param operationHash Operation hash.
- * @param webSocketSessionId Web Socket Session ID.
- * @param clientIpAddress Remote client IP address.
- * @return Whether Web Socket registration was successful.
- */
+ @Override
  public boolean registerWebSocketSession(String operationHash, String webSocketSessionId, String clientIpAddress) {
  return operationSessionService.registerWebSocketSession(operationHash, webSocketSessionId, clientIpAddress);
  }

diff --git a/powerauth-webflow/pom.xml b/powerauth-webflow/pom.xml
@@ -243,6 +243,39 @@
  </build>
 
  <profiles>
+ <profile>
+ <id>websockets-enabled</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-messaging</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-websocket</artifactId>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ <profile>
+ <id>websockets-disabled</id>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-messaging</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-websocket</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ </profile>
+
  <profile>
  <id>test-repository</id>
  <activation>

diff --git a/...a/io/getlime/security/powerauth/app/webflow/configuration/WebFlowServerConfiguration.java b/...a/io/getlime/security/powerauth/app/webflow/configuration/WebFlowServerConfiguration.java
@@ -187,6 +187,12 @@ public class WebFlowServerConfiguration {
  @Value("${powerauth.webflow.approval.certificate.signer.ica.extensionInstallURLFirefox:}")
  private String icaExtensionInstallURLFirefox;
 
+ /**
+ * WebSocket support configuration.
+ */
+ @Value("${powerauth.webflow.websockets.enabled:true}")
+ private boolean webSocketSupportEnabled;
+
  /**
  * Configuration constructor.
  * @param auditFactory Audit factory.
@@ -392,6 +398,14 @@ public String getIcaExtensionInstallURLFirefox() {
  return icaExtensionInstallURLFirefox;
  }
 
+ /**
+ * Get whether WebSocket support is enabled.
+ * @return Whether WebSocket support is enabled.
+ */
+ public boolean isWebSocketSupportEnabled() {
+ return webSocketSupportEnabled;
+ }
+
  /**
  * Prepare audit interface.
  * @return Audit interface.