Retrieve token from cookie only when checking an authenticated eperson

This commit is contained in:
Giuseppe Digilio
2020-01-09 12:08:55 +01:00
parent 4ce3c8cbda
commit 10bbf8079b


@@ -87,7 +87,7 @@ public class JWTTokenRestAuthenticationServiceImpl implements RestAuthentication
@Override @Override
public EPerson getAuthenticatedEPerson(HttpServletRequest request, Context context) { public EPerson getAuthenticatedEPerson(HttpServletRequest request, Context context) {
String token = getToken(request); String token = getToken(request, true);
try { try {
EPerson ePerson = jwtTokenHandler.parseEPersonFromToken(token, request, context); EPerson ePerson = jwtTokenHandler.parseEPersonFromToken(token, request, context);
return ePerson; return ePerson;
@@ -110,7 +110,7 @@ public class JWTTokenRestAuthenticationServiceImpl implements RestAuthentication
@Override @Override
public void invalidateAuthenticationData(HttpServletRequest request, HttpServletResponse response, public void invalidateAuthenticationData(HttpServletRequest request, HttpServletResponse response,
Context context) throws Exception { Context context) throws Exception {
String token = getToken(request); String token = getToken(request, false);
Cookie cookie = new Cookie(AUTHORIZATION_COOKIE, ""); Cookie cookie = new Cookie(AUTHORIZATION_COOKIE, "");
cookie.setHttpOnly(true); cookie.setHttpOnly(true);
response.addCookie(cookie); response.addCookie(cookie);
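Review bot: The call `getToken(request, false)` leaves the token null for a logout request that authenticated through the cookie alone, which the @@ -87 hunk now explicitly permits for getAuthenticatedEPerson; what the rest of invalidateAuthenticationData does with that null is outside this hunk, so this may be intended, but the asymmetry deserves a comment at the call site, e.g. `// Only a header-carried token is invalidated here; the cookie is cleared below regardless of its content.` The bare `true`/`false` literals in both call sites also read poorly without the signature in view; a header-only overload `getToken(request)` delegating to `getToken(request, false)` would make the two paths self-describing. Both methods' bodies continue outside their hunks.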
@@ -156,10 +156,10 @@ public class JWTTokenRestAuthenticationServiceImpl implements RestAuthentication
response.setHeader(AUTHORIZATION_HEADER, String.format("%s %s", AUTHORIZATION_TYPE, token)); response.setHeader(AUTHORIZATION_HEADER, String.format("%s %s", AUTHORIZATION_TYPE, token));
} }
private String getToken(HttpServletRequest request) { private String getToken(HttpServletRequest request, Boolean useCookie) {
String tokenValue = null; String tokenValue = null;
String authHeader = request.getHeader(AUTHORIZATION_HEADER); String authHeader = request.getHeader(AUTHORIZATION_HEADER);
String authCookie = getAuthorizationCookie(request); String authCookie = useCookie ? getAuthorizationCookie(request) : "";
if (StringUtils.isNotBlank(authHeader)) { if (StringUtils.isNotBlank(authHeader)) {
tokenValue = authHeader.replace(AUTHORIZATION_TYPE, "").trim(); tokenValue = authHeader.replace(AUTHORIZATION_TYPE, "").trim();
} else if (StringUtils.isNotBlank(authCookie)) { } else if (StringUtils.isNotBlank(authCookie)) {