The geOrchestra Gateway has a requirement to redirect to /login when a request has a login query parameter (e.g. /geonetwork/?login -> /login), that comes from the old security proxy.
So far it was implemented in AccessRulesCustomizer by requiring such requests to be authenticated, and delegating to spring security to perform the redirection.
When the request is not authenticated already, and the request headers do not contain Accept: text/html, spring security would challenge with a basic auth popup instead.
This patch introduces a LoginParamRedirectGatewayFilter, set up as one of the default filters in application.yml, that performs a redirect in either case, delegating to a
org.springframework.cloud.gateway.filter.factory.RedirectToGatewayFilterFactory.
Check out docs/custom_filters.adoc for configuration information.
The geOrchestra Gateway has a requirement to redirect to /login when a request has a
loginquery parameter (e.g./geonetwork/?login->/login), that comes from the old security proxy.So far it was implemented in
AccessRulesCustomizerby requiring such requests to be authenticated, and delegating to spring security to perform the redirection.When the request is not authenticated already, and the request headers do not contain
Accept: text/html, spring security would challenge with a basic auth popup instead.This patch introduces a
LoginParamRedirectGatewayFilter, set up as one of the default filters inapplication.yml, that performs a redirect in either case, delegating to aorg.springframework.cloud.gateway.filter.factory.RedirectToGatewayFilterFactory.Check out
docs/custom_filters.adocfor configuration information.Note for the docker composition, the following datadir PR is required: https://github.com/georchestra/datadir/pull/415 The rationale is in the PR description
Fixes #132