Strolch
/
strolch
mirror of https://github.com/strolch-li/strolch.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[New] Added setting for SameSite and Domain attributes on auth cookies

This commit is contained in:
Robert von Burg 2021-04-23 12:55:32 +02:00
parent 92143b9154
commit 5842e2f60a
1 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
View File

@ -23,6 +23,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.*;
import javax.ws.rs.core.*;
import javax.ws.rs.core.Response.Status;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.MessageFormat;
import java.time.LocalDateTime;
import java.util.Base64;
@ -342,7 +344,17 @@ public class AuthenticationService {
logger.warn(msg);
}
NewCookie cookie = new NewCookie(STROLCH_AUTHORIZATION, certificate.getAuthToken(), "/", null,
String domain;
try {
domain = new URL(request.getRequestURL().toString()).getHost();
} catch (MalformedURLException e) {
logger.error("Failed to parse URL: " + request.getRequestURL().toString(), e);
domain = null;
}
String path = "/;SameSite=Strict";
NewCookie cookie = new NewCookie(STROLCH_AUTHORIZATION, certificate.getAuthToken(), path, domain,
"Authorization header", (int) TimeUnit.DAYS.toSeconds(1), secureCookie);
return Response.ok().entity(jsonObject.toString())//
@ -437,10 +449,21 @@ public class AuthenticationService {
}
if (setCookies) {
NewCookie authCookie = new NewCookie(STROLCH_AUTHORIZATION, authToken, "/", null, "Authorization header",
cookieMaxAge, secureCookie);
NewCookie authExpirationCookie = new NewCookie(STROLCH_AUTHORIZATION_EXPIRATION_DATE, expirationDateS, "/",
null, "Authorization Expiration Date", cookieMaxAge, secureCookie);
String domain;
try {
domain = new URL(request.getRequestURL().toString()).getHost();
} catch (MalformedURLException e) {
logger.error("Failed to parse URL: " + request.getRequestURL().toString(), e);
domain = null;
}
String path = "/;SameSite=Strict";
NewCookie authCookie = new NewCookie(STROLCH_AUTHORIZATION, authToken, path, domain,
"Strolch Authorization header", cookieMaxAge, secureCookie);
NewCookie authExpirationCookie = new NewCookie(STROLCH_AUTHORIZATION_EXPIRATION_DATE, expirationDateS, path,
domain, "Strolch Authorization Expiration Date", cookieMaxAge, secureCookie);
return Response.ok().entity(loginResult.toString()) //
.header(HttpHeaders.AUTHORIZATION, authToken) //