[New] Added setting for SameSite and Domain attributes on auth cookies
parent
92143b9154
commit
5842e2f60a
|
@ -23,6 +23,8 @@ import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.ws.rs.*;
|
import javax.ws.rs.*;
|
||||||
import javax.ws.rs.core.*;
|
import javax.ws.rs.core.*;
|
||||||
import javax.ws.rs.core.Response.Status;
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
import java.net.MalformedURLException;
|
||||||
|
import java.net.URL;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.time.LocalDateTime;
|
import java.time.LocalDateTime;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
|
@ -342,7 +344,17 @@ public class AuthenticationService {
|
||||||
logger.warn(msg);
|
logger.warn(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
NewCookie cookie = new NewCookie(STROLCH_AUTHORIZATION, certificate.getAuthToken(), "/", null,
|
String domain;
|
||||||
|
try {
|
||||||
|
domain = new URL(request.getRequestURL().toString()).getHost();
|
||||||
|
} catch (MalformedURLException e) {
|
||||||
|
logger.error("Failed to parse URL: " + request.getRequestURL().toString(), e);
|
||||||
|
domain = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
String path = "/;SameSite=Strict";
|
||||||
|
|
||||||
|
NewCookie cookie = new NewCookie(STROLCH_AUTHORIZATION, certificate.getAuthToken(), path, domain,
|
||||||
"Authorization header", (int) TimeUnit.DAYS.toSeconds(1), secureCookie);
|
"Authorization header", (int) TimeUnit.DAYS.toSeconds(1), secureCookie);
|
||||||
|
|
||||||
return Response.ok().entity(jsonObject.toString())//
|
return Response.ok().entity(jsonObject.toString())//
|
||||||
|
@ -437,10 +449,21 @@ public class AuthenticationService {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (setCookies) {
|
if (setCookies) {
|
||||||
NewCookie authCookie = new NewCookie(STROLCH_AUTHORIZATION, authToken, "/", null, "Authorization header",
|
|
||||||
cookieMaxAge, secureCookie);
|
String domain;
|
||||||
NewCookie authExpirationCookie = new NewCookie(STROLCH_AUTHORIZATION_EXPIRATION_DATE, expirationDateS, "/",
|
try {
|
||||||
null, "Authorization Expiration Date", cookieMaxAge, secureCookie);
|
domain = new URL(request.getRequestURL().toString()).getHost();
|
||||||
|
} catch (MalformedURLException e) {
|
||||||
|
logger.error("Failed to parse URL: " + request.getRequestURL().toString(), e);
|
||||||
|
domain = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
String path = "/;SameSite=Strict";
|
||||||
|
|
||||||
|
NewCookie authCookie = new NewCookie(STROLCH_AUTHORIZATION, authToken, path, domain,
|
||||||
|
"Strolch Authorization header", cookieMaxAge, secureCookie);
|
||||||
|
NewCookie authExpirationCookie = new NewCookie(STROLCH_AUTHORIZATION_EXPIRATION_DATE, expirationDateS, path,
|
||||||
|
domain, "Strolch Authorization Expiration Date", cookieMaxAge, secureCookie);
|
||||||
|
|
||||||
return Response.ok().entity(loginResult.toString()) //
|
return Response.ok().entity(loginResult.toString()) //
|
||||||
.header(HttpHeaders.AUTHORIZATION, authToken) //
|
.header(HttpHeaders.AUTHORIZATION, authToken) //
|
||||||
|
|
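Review bot: Passing the request host as `domain` in both the `@ -342` and `@ -437` hunks widens the auth cookie's scope rather than narrowing it: with the previous `null` the browser kept the cookie host-only, while an explicit Domain attribute also makes it available to every subdomain of that host. The host is parsed from `request.getRequestURL()`, which normally reflects the client-supplied Host header, so behind a reverse proxy it may not match the name the browser used and the cookie could be rejected. Unless a domain is explicitly configured I would keep `domain = null`, and read SameSite from the setting the title mentions instead of the hard-coded `String path = "/;SameSite=Strict";`, which only works while the JAX-RS implementation writes the path unquoted and unescaped. The seven-argument `NewCookie` constructor used here also leaves HttpOnly off for the token cookie; if no client script needs to read it, the overload with a trailing `httpOnly` argument set to `true` would be safer. Both enclosing methods start and end outside the hunks.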