Skip to content
This repository was archived by the owner on Feb 23, 2025. It is now read-only.

SamlCsrfCheck.isSafe causes load of the SAML plugin settings from disk on every request #116

Open
pavelsher opened this issue Mar 10, 2023 · 2 comments
Open

SamlCsrfCheck.isSafe causes load of the SAML plugin settings from disk on every request #116

pavelsher opened this issue Mar 10, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@pavelsher
Copy link

Every request which is going through SamlCsrfCheck.isSafe causes loading of the plugin settings from disk.
TeamCity calls CsrfCheck extensions on every request be it GET, or anything else.
It seems like SamlCsrfCheck could at lease check that the request is not GET and only in this case perform the load of the settings.
A better approach would be cache the plugin settings in memory and reload them more rarely.

at [[email protected]](mailto:[email protected])/java.io.FileInputStream.open0(Native Method)
at [[email protected]](mailto:[email protected])/java.io.FileInputStream.open(FileInputStream.java:219)
at [[email protected]](mailto:[email protected])/java.io.FileInputStream.<init>(FileInputStream.java:157)
at com.fasterxml.jackson.core.JsonFactory.createParser(JsonFactory.java:1029)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3494)
at jetbrains.buildServer.auth.saml.plugin.SamlPluginSettingsStorageImpl.load(SamlPluginSettingsStorageImpl.java:34)
at jetbrains.buildServer.web.SamlCsrfCheck.isSafe(SamlCsrfCheck.java:32)
at jetbrains.buildServer.web.CSRFFilter.validateRequest(CSRFFilter.java:119)
at jetbrains.buildServer.controllers.interceptors.AuthorizationInterceptorImpl.checkCsrfWithAuthenticatedUser(AuthorizationInterceptorImpl.java:30)
@morincer
Copy link
Owner

Hi Pavel, thanks for the report. Will implement in upcoming release.

@morincer morincer added the enhancement New feature or request label Mar 10, 2023
Linfar added a commit to Linfar/teamcity-plugin-saml that referenced this issue Feb 1, 2024
@Linfar
https://github.com/morincer/teamcity-plugin-saml/issues/116
ebe5542 
Add caching for SamlPluginSettings. Settings are cached in memory. To support multi-node setup, settings are monitored with a FileWatcher which forces reload on file change (10 seconds check period).
@Linfar
Copy link
Contributor

Linfar commented Feb 1, 2024

I've opened a pull request to add caching to settings: #124

morincer added a commit that referenced this issue Feb 5, 2024
@morincer
Merge pull request #124 from Linfar/fix_bug_116
29bcc89 
#116
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pavelsher @Linfar @morincer