From 377e1bbec305c22ac1847556c027a3c3aac1bfa2 Mon Sep 17 00:00:00 2001
From: Okke Harsta <oharsta@zilverline.com>
Date: Sat, 21 Dec 2024 08:22:02 +0100
Subject: [PATCH] Log headers

---
 .../src/main/java/dashboard/ShibbolethSecurityConfig.java    | 3 ++-
 .../src/main/java/dashboard/shibboleth/ShibbolethHeader.java | 3 ++-
 .../ShibbolethPreAuthenticatedProcessingFilter.java          | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/dashboard-server/src/main/java/dashboard/ShibbolethSecurityConfig.java b/dashboard-server/src/main/java/dashboard/ShibbolethSecurityConfig.java
index 251646d2f..64223a440 100644
--- a/dashboard-server/src/main/java/dashboard/ShibbolethSecurityConfig.java
+++ b/dashboard-server/src/main/java/dashboard/ShibbolethSecurityConfig.java
@@ -117,8 +117,9 @@ public void configure(WebSecurity web) throws Exception {
                         "/images/**",
                         "/img/**",
                         "/js/**",
-                        "/health",
+                        "/internal/**",
                         "/info",
+                        "/health",
                         "/serviceProvider/api/**");
     }
 
diff --git a/dashboard-server/src/main/java/dashboard/shibboleth/ShibbolethHeader.java b/dashboard-server/src/main/java/dashboard/shibboleth/ShibbolethHeader.java
index 7c6847f71..8e296b754 100644
--- a/dashboard-server/src/main/java/dashboard/shibboleth/ShibbolethHeader.java
+++ b/dashboard-server/src/main/java/dashboard/shibboleth/ShibbolethHeader.java
@@ -30,7 +30,8 @@ public enum ShibbolethHeader {
     Shib_NlEduPersonOrgUnit("Shib-nlEduPersonOrgUnit"),
     Shib_NlEduPersonStudyBranch("Shib-nlEduPersonStudyBranch"),
     Shib_NlStudielinkNummer("Shib-nlStudielinkNummer"),
-    Shib_SURFEckid("Shib-surfEckid");
+    Shib_SURFEckid("Shib-surfEckid"),
+    Shib_SURFautorisaties("Shib-surf-autorisaties");
 
     private final String value;
 
diff --git a/dashboard-server/src/main/java/dashboard/shibboleth/ShibbolethPreAuthenticatedProcessingFilter.java b/dashboard-server/src/main/java/dashboard/shibboleth/ShibbolethPreAuthenticatedProcessingFilter.java
index c10ca7222..c3a3e6c6b 100644
--- a/dashboard-server/src/main/java/dashboard/shibboleth/ShibbolethPreAuthenticatedProcessingFilter.java
+++ b/dashboard-server/src/main/java/dashboard/shibboleth/ShibbolethPreAuthenticatedProcessingFilter.java
@@ -59,6 +59,7 @@ public class ShibbolethPreAuthenticatedProcessingFilter extends AbstractPreAuthe
                 .put("urn:mace:surffederatie.nl:attribute-def:nlEduPersonStudyBranch", Shib_NlEduPersonStudyBranch)
                 .put("urn:mace:surffederatie.nl:attribute-def:nlStudielinkNummer", Shib_NlStudielinkNummer)
                 .put("urn:mace:surf.nl:attribute-def:eckid", Shib_SURFEckid)
+                .put("urn:mace:surf.nl:attribute-def:surf-autorisaties", Shib_SURFautorisaties)
                 .build();
     }
 
@@ -130,9 +131,9 @@ public ShibbolethPreAuthenticatedProcessingFilter(AuthenticationManager authenti
     @Override
     protected Object getPreAuthenticatedPrincipal(final HttpServletRequest request) {
         Enumeration<String> headerNames = request.getHeaderNames();
-        if (headerNames != null && LOG.isTraceEnabled()) {
+        if (headerNames != null && !request.getRequestURI().endsWith("health") && !request.getRequestURI().endsWith("ico")) {
             ArrayList<String> list = Collections.list(headerNames);
-            LOG.trace("Received headers {}", list.stream().collect(toMap(
+            LOG.info("Received headers {}", list.stream().collect(toMap(
                     name -> name,
                     name -> {
                         Enumeration<String> headers = request.getHeaders(name);