[Fix] setting certificate if available in REST calls
parent
1dc42b5e82
commit
97d42353e2
|
@ -15,6 +15,7 @@
|
||||||
*/
|
*/
|
||||||
package li.strolch.rest.filters;
|
package li.strolch.rest.filters;
|
||||||
|
|
||||||
|
import static li.strolch.rest.StrolchRestfulConstants.*;
|
||||||
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
||||||
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_REQUEST_SOURCE;
|
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_REQUEST_SOURCE;
|
||||||
import static li.strolch.utils.helper.StringHelper.*;
|
import static li.strolch.utils.helper.StringHelper.*;
|
||||||
|
@ -90,7 +91,9 @@ public class AuthenticationRequestFilter implements ContainerRequestFilter {
|
||||||
/**
|
/**
|
||||||
* Validates if the path for the given request is for an unsecured path, i.e. no authorization is required
|
* Validates if the path for the given request is for an unsecured path, i.e. no authorization is required
|
||||||
*
|
*
|
||||||
* @param requestContext the request context
|
* @param requestContext
|
||||||
|
* the request context
|
||||||
|
*
|
||||||
* @return true if the request context is for an unsecured path, false if not, meaning authorization must be
|
* @return true if the request context is for an unsecured path, false if not, meaning authorization must be
|
||||||
* validated
|
* validated
|
||||||
*/
|
*/
|
||||||
|
@ -118,7 +121,7 @@ public class AuthenticationRequestFilter implements ContainerRequestFilter {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
if (isUnsecuredPath(requestContext)) {
|
if (isUnsecuredPath(requestContext)) {
|
||||||
validateSessionIfAvailable(requestContext, remoteIp);
|
setCertificateIfAvailable(requestContext, remoteIp);
|
||||||
} else {
|
} else {
|
||||||
validateSession(requestContext, remoteIp);
|
validateSession(requestContext, remoteIp);
|
||||||
}
|
}
|
||||||
|
@ -141,19 +144,30 @@ public class AuthenticationRequestFilter implements ContainerRequestFilter {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void validateSessionIfAvailable(ContainerRequestContext requestContext, String remoteIp) {
|
protected void setCertificateIfAvailable(ContainerRequestContext requestContext, String remoteIp) {
|
||||||
|
StrolchSessionHandler sessionHandler = getSessionHandler();
|
||||||
|
|
||||||
String sessionId = trimOrEmpty(requestContext.getHeaderString(HttpHeaders.AUTHORIZATION));
|
String sessionId = trimOrEmpty(requestContext.getHeaderString(HttpHeaders.AUTHORIZATION));
|
||||||
if (sessionId.isEmpty()) {
|
if (isNotEmpty(sessionId)) {
|
||||||
sessionId = getSessionIdFromCookie(requestContext);
|
if (sessionHandler.isSessionKnown(sessionId)) {
|
||||||
if (isEmpty(sessionId)) {
|
validateCertificate(requestContext, sessionId, remoteIp);
|
||||||
return;
|
} else {
|
||||||
|
logger.error("Session " + sessionId + " by authorization header does not exist anymore, ignoring!");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sessionId.startsWith("Basic "))
|
sessionId = getSessionIdFromCookie(requestContext);
|
||||||
authenticateBasic(requestContext, sessionId, remoteIp);
|
if (isEmpty(sessionId)) {
|
||||||
else
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sessionHandler.isSessionKnown(sessionId)) {
|
||||||
validateCertificate(requestContext, sessionId, remoteIp);
|
validateCertificate(requestContext, sessionId, remoteIp);
|
||||||
|
} else {
|
||||||
|
logger.error("Session " + sessionId + " by cookie does not exist anymore, ignoring!");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -165,8 +179,11 @@ public class AuthenticationRequestFilter implements ContainerRequestFilter {
|
||||||
* Sub classes should override this method and first call super. If the return value is non-null, then further
|
* Sub classes should override this method and first call super. If the return value is non-null, then further
|
||||||
* validation can be performed
|
* validation can be performed
|
||||||
*
|
*
|
||||||
* @param requestContext the request context for the secured path
|
* @param requestContext
|
||||||
* @param remoteIp the remote IP
|
* the request context for the secured path
|
||||||
|
* @param remoteIp
|
||||||
|
* the remote IP
|
||||||
|
*
|
||||||
* @return the certificate for the validated session, or null, of the request is aborted to no missing or invalid
|
* @return the certificate for the validated session, or null, of the request is aborted to no missing or invalid
|
||||||
* authorization token
|
* authorization token
|
||||||
*/
|
*/
|
||||||
|
@ -180,7 +197,7 @@ public class AuthenticationRequestFilter implements ContainerRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected String getSessionIdFromCookie(ContainerRequestContext requestContext) {
|
protected String getSessionIdFromCookie(ContainerRequestContext requestContext) {
|
||||||
Cookie cookie = requestContext.getCookies().get(StrolchRestfulConstants.STROLCH_AUTHORIZATION);
|
Cookie cookie = requestContext.getCookies().get(STROLCH_AUTHORIZATION);
|
||||||
if (cookie == null)
|
if (cookie == null)
|
||||||
return "";
|
return "";
|
||||||
|
|
||||||
|
|
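Review bot: In `setCertificateIfAvailable`, both new `logger.error` calls write the client-supplied `sessionId` into the log, and the header branch no longer has the `startsWith("Basic ")` check the old method had, so on an unsecured path an `Authorization: Basic …` value (base64-encoded credentials) would presumably fail `isSessionKnown` and be logged verbatim. Any unauthenticated caller can also produce these error-level entries at will, which makes the log noisy and the entries attacker-shaped. I would drop the value from the message, e.g. `logger.error("Session by authorization header does not exist anymore, ignoring!");` and the same for the cookie branch, or log only a short digest of it. It is also worth confirming that ignoring Basic credentials on unsecured paths is intended, since `authenticateBasic` is no longer reached from this method.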