[New] Also write a cookie when authenticating
- and of course allow the user to authenticate using the cookie
This commit is contained in:
parent
8fdcc00ed7
commit
fba2b09e04
|
@ -17,6 +17,9 @@ package li.strolch.rest;
|
||||||
|
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
|
import org.glassfish.jersey.server.ServerProperties;
|
||||||
|
|
||||||
|
import ch.eitchnet.utils.dbc.DBC;
|
||||||
import li.strolch.agent.api.ComponentContainer;
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
import li.strolch.agent.api.StrolchAgent;
|
import li.strolch.agent.api.StrolchAgent;
|
||||||
import li.strolch.agent.api.StrolchComponent;
|
import li.strolch.agent.api.StrolchComponent;
|
||||||
|
@ -25,10 +28,6 @@ import li.strolch.rest.filters.HttpCacheResponseFilter;
|
||||||
import li.strolch.runtime.configuration.ComponentConfiguration;
|
import li.strolch.runtime.configuration.ComponentConfiguration;
|
||||||
import li.strolch.service.api.ServiceHandler;
|
import li.strolch.service.api.ServiceHandler;
|
||||||
|
|
||||||
import org.glassfish.jersey.server.ServerProperties;
|
|
||||||
|
|
||||||
import ch.eitchnet.utils.dbc.DBC;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
*/
|
*/
|
||||||
|
@ -39,6 +38,7 @@ public class RestfulStrolchComponent extends StrolchComponent {
|
||||||
private static final String PARAM_REST_LOGGING = "restLogging"; //$NON-NLS-1$
|
private static final String PARAM_REST_LOGGING = "restLogging"; //$NON-NLS-1$
|
||||||
private static final String PARAM_REST_LOGGING_ENTITY = "restLoggingEntity"; //$NON-NLS-1$
|
private static final String PARAM_REST_LOGGING_ENTITY = "restLoggingEntity"; //$NON-NLS-1$
|
||||||
private static final String PARAM_HTTP_CACHE_MODE = "httpCacheMode"; //$NON-NLS-1$
|
private static final String PARAM_HTTP_CACHE_MODE = "httpCacheMode"; //$NON-NLS-1$
|
||||||
|
private static final String PARAM_SECURE_COOKIE = "secureCookie"; //$NON-NLS-1$
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allowed values:
|
* Allowed values:
|
||||||
|
@ -74,6 +74,7 @@ public class RestfulStrolchComponent extends StrolchComponent {
|
||||||
private boolean restLogging;
|
private boolean restLogging;
|
||||||
private boolean restLoggingEntity;
|
private boolean restLoggingEntity;
|
||||||
private String cacheMode;
|
private String cacheMode;
|
||||||
|
private boolean secureCookie;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param container
|
* @param container
|
||||||
|
@ -125,6 +126,13 @@ public class RestfulStrolchComponent extends StrolchComponent {
|
||||||
return this.restLoggingEntity;
|
return this.restLoggingEntity;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return the secureCookie
|
||||||
|
*/
|
||||||
|
public boolean isSecureCookie() {
|
||||||
|
return this.secureCookie;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initialize(ComponentConfiguration configuration) throws Exception {
|
public void initialize(ComponentConfiguration configuration) throws Exception {
|
||||||
|
|
||||||
|
@ -150,6 +158,8 @@ public class RestfulStrolchComponent extends StrolchComponent {
|
||||||
this.cacheMode = configuration.getString(PARAM_HTTP_CACHE_MODE, HttpCacheResponseFilter.NO_CACHE);
|
this.cacheMode = configuration.getString(PARAM_HTTP_CACHE_MODE, HttpCacheResponseFilter.NO_CACHE);
|
||||||
logger.info("HTTP header cache mode is set to {}", cacheMode);
|
logger.info("HTTP header cache mode is set to {}", cacheMode);
|
||||||
|
|
||||||
|
this.secureCookie = configuration.getBoolean(PARAM_SECURE_COOKIE, true);
|
||||||
|
|
||||||
super.initialize(configuration);
|
super.initialize(configuration);
|
||||||
}
|
}
|
||||||
|
|
||||||
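Review bot: The new `secureCookie` option (constant, field and `getBoolean` read in this section) has no explanation of what it controls, and unlike `cacheMode` its effective value is not logged at startup, so an operator who sets `secureCookie=false` in production gets no hint that the login cookie carrying the session token will then be sent over plain HTTP. I would add a Javadoc on the field such as `/** Whether the session-token cookie issued on login carries the Secure flag; default true — only disable for plain-HTTP development setups. */` and, next to the `getBoolean` call in `initialize`, `logger.info("Secure cookie flag is set to {}", this.secureCookie);`. The `initialize` method begins outside the hunk.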
|
|
|
@ -21,4 +21,5 @@ package li.strolch.rest;
|
||||||
public class StrolchRestfulConstants {
|
public class StrolchRestfulConstants {
|
||||||
|
|
||||||
public static final String STROLCH_CERTIFICATE = "strolch.certificate"; //$NON-NLS-1$
|
public static final String STROLCH_CERTIFICATE = "strolch.certificate"; //$NON-NLS-1$
|
||||||
|
public static final String STROLCH_AUTHORIZATION = "strolch.authorization"; //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,6 +19,7 @@ import java.text.MessageFormat;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.DELETE;
|
import javax.ws.rs.DELETE;
|
||||||
|
@ -30,6 +31,7 @@ import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.NewCookie;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.Response.Status;
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
|
||||||
|
@ -48,6 +50,7 @@ import ch.eitchnet.privilege.model.PrivilegeContext;
|
||||||
import ch.eitchnet.utils.helper.StringHelper;
|
import ch.eitchnet.utils.helper.StringHelper;
|
||||||
import li.strolch.exception.StrolchException;
|
import li.strolch.exception.StrolchException;
|
||||||
import li.strolch.rest.RestfulStrolchComponent;
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
import li.strolch.rest.StrolchSessionHandler;
|
import li.strolch.rest.StrolchSessionHandler;
|
||||||
import li.strolch.rest.model.Login;
|
import li.strolch.rest.model.Login;
|
||||||
import li.strolch.rest.model.LoginResult;
|
import li.strolch.rest.model.LoginResult;
|
||||||
|
@ -112,9 +115,12 @@ public class AuthenticationService {
|
||||||
}
|
}
|
||||||
loginResult.setPrivileges(privileges);
|
loginResult.setPrivileges(privileges);
|
||||||
|
|
||||||
|
NewCookie cookie = new NewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, certificate.getAuthToken(),
|
||||||
|
"/", null, "Authorization header", (int) TimeUnit.DAYS.toSeconds(1),
|
||||||
|
restfulStrolchComponent.isSecureCookie());
|
||||||
|
|
||||||
return Response.ok().entity(loginResult)//
|
return Response.ok().entity(loginResult)//
|
||||||
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
|
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken()).cookie(cookie).build();
|
||||||
.build();
|
|
||||||
|
|
||||||
} catch (InvalidCredentialsException e) {
|
} catch (InvalidCredentialsException e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
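Review bot: The `NewCookie` built from `certificate.getAuthToken()` carries the session token but is not marked HttpOnly — the seven-argument constructor used here only sets Secure — so any script injected into the page can read the token via `document.cookie`, an exposure the previous header-only scheme did not have. JAX-RS 2.0 (already in use, since the filter side relies on `javax.ws.rs.container`) offers an eight-argument constructor; I would use `new NewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, certificate.getAuthToken(), "/", null, "Authorization header", (int) TimeUnit.DAYS.toSeconds(1), restfulStrolchComponent.isSecureCookie(), true)`. The one-day max age is also hard-coded and independent of whatever validity the session handler applies to the token, so the cookie can outlive or fall short of the session it refers to — consider deriving it from the session timeout or documenting why one day was chosen. The enclosing method and its try block start outside the hunk.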
|
|
|
@ -22,19 +22,20 @@ import java.util.List;
|
||||||
|
|
||||||
import javax.ws.rs.container.ContainerRequestContext;
|
import javax.ws.rs.container.ContainerRequestContext;
|
||||||
import javax.ws.rs.container.ContainerRequestFilter;
|
import javax.ws.rs.container.ContainerRequestFilter;
|
||||||
|
import javax.ws.rs.core.Cookie;
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.ext.Provider;
|
import javax.ws.rs.ext.Provider;
|
||||||
|
|
||||||
import li.strolch.rest.RestfulStrolchComponent;
|
|
||||||
import li.strolch.rest.StrolchSessionHandler;
|
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import ch.eitchnet.privilege.model.Certificate;
|
import ch.eitchnet.privilege.model.Certificate;
|
||||||
import ch.eitchnet.utils.helper.StringHelper;
|
import ch.eitchnet.utils.helper.StringHelper;
|
||||||
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
|
import li.strolch.rest.StrolchSessionHandler;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Reto Breitenmoser <reto.breitenmoser@4trees.ch>
|
* @author Reto Breitenmoser <reto.breitenmoser@4trees.ch>
|
||||||
|
@ -57,21 +58,37 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
||||||
|
|
||||||
String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
||||||
if (StringHelper.isEmpty(sessionId)) {
|
if (StringHelper.isEmpty(sessionId)) {
|
||||||
logger.error("No SessionID on request to URL " + requestContext.getUriInfo().getPath());
|
|
||||||
|
Cookie cookie = requestContext.getCookies().get(StrolchRestfulConstants.STROLCH_AUTHORIZATION);
|
||||||
|
if (cookie == null) {
|
||||||
|
logger.error(
|
||||||
|
"No Authorization header or cookie on request to URL " + requestContext.getUriInfo().getPath());
|
||||||
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
|
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
|
||||||
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!").build()); //$NON-NLS-1$
|
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!") //$NON-NLS-1$
|
||||||
|
.build());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sessionId = cookie.getValue();
|
||||||
|
if (StringHelper.isEmpty(sessionId)) {
|
||||||
|
logger.error("Authorization Cookie value missing on request to URL "
|
||||||
|
+ requestContext.getUriInfo().getPath());
|
||||||
|
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
|
||||||
|
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!") //$NON-NLS-1$
|
||||||
|
.build());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
|
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance()
|
||||||
StrolchSessionHandler.class);
|
.getComponent(StrolchSessionHandler.class);
|
||||||
Certificate certificate = sessionHandler.validate(sessionId);
|
Certificate certificate = sessionHandler.validate(sessionId);
|
||||||
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
|
requestContext.abortWith(
|
||||||
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
Response.status(Response.Status.FORBIDDEN).header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
||||||
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
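Review bot: Accepting the `strolch.authorization` cookie as a full substitute for the Authorization header means browsers now attach the session token automatically to every request, so any state-changing endpoint behind this filter becomes reachable from a cross-site page (CSRF) — the header-only scheme was immune because a custom header has to be set by the application's own script. The filter also does not record whether the credential came from the header or the cookie, so nothing downstream can compensate. I would either restrict cookie authentication to safe methods, e.g. guard the cookie branch with `if (!"GET".equals(requestContext.getMethod()) && !"HEAD".equals(requestContext.getMethod())) { /* abort as for a missing credential */ }`, or pair cookie-based requests with an Origin/Referer or custom-header check for non-safe methods. Separately, both abort paths answer 403 Forbidden for a missing credential where 401 Unauthorized is the accurate status; that is pre-existing for the header path but is now duplicated in the new cookie path. The `filter` method's signature is outside the hunk.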
|
|