Added a cookie with JWT to response

Giuseppe Digilio
2019-10-23 10:02:18 +02:00
parent 4240ade8ca
commit 13482c2eb7


@@ -12,6 +12,8 @@ import java.sql.SQLException;
import java.text.ParseException; import java.text.ParseException;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@@ -37,11 +39,13 @@ import org.springframework.stereotype.Component;
* *
* @author Frederic Van Reet (frederic dot vanreet at atmire dot com) * @author Frederic Van Reet (frederic dot vanreet at atmire dot com)
* @author Tom Desair (tom dot desair at atmire dot com) * @author Tom Desair (tom dot desair at atmire dot com)
* @author Giuseppe Digilio (giuseppe dot digilio at 4science dot it)
*/ */
@Component @Component
public class JWTTokenRestAuthenticationServiceImpl implements RestAuthenticationService, InitializingBean { public class JWTTokenRestAuthenticationServiceImpl implements RestAuthenticationService, InitializingBean {
private static final Logger log = LoggerFactory.getLogger(RestAuthenticationService.class); private static final Logger log = LoggerFactory.getLogger(RestAuthenticationService.class);
private static final String AUTHORIZATION_COOKIE = "Authorization-cookie";
private static final String AUTHORIZATION_HEADER = "Authorization"; private static final String AUTHORIZATION_HEADER = "Authorization";
private static final String AUTHORIZATION_TYPE = "Bearer"; private static final String AUTHORIZATION_TYPE = "Bearer";
@@ -141,17 +145,29 @@ public class JWTTokenRestAuthenticationServiceImpl implements RestAuthentication
} }
private void addTokenToResponse(final HttpServletResponse response, final String token) throws IOException { private void addTokenToResponse(final HttpServletResponse response, final String token) throws IOException {
Cookie cookie = new Cookie(AUTHORIZATION_COOKIE, token);
cookie.setHttpOnly(true);
response.addCookie(cookie);
response.setHeader(AUTHORIZATION_HEADER, String.format("%s %s", AUTHORIZATION_TYPE, token)); response.setHeader(AUTHORIZATION_HEADER, String.format("%s %s", AUTHORIZATION_TYPE, token));
} }
private String getToken(HttpServletRequest request) { private String getToken(HttpServletRequest request) {
String tokenValue = null;
String authHeader = request.getHeader(AUTHORIZATION_HEADER); String authHeader = request.getHeader(AUTHORIZATION_HEADER);
if (StringUtils.isNotBlank(authHeader)) { if (StringUtils.isNotBlank(authHeader)) {
String tokenValue = authHeader.replace(AUTHORIZATION_TYPE, "").trim(); tokenValue = authHeader.replace(AUTHORIZATION_TYPE, "").trim();
return tokenValue;
} else { } else {
return null; Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if (cookie.getName().equals(AUTHORIZATION_COOKIE) && StringUtils.isNotEmpty(cookie.getValue())) {
tokenValue = cookie.getValue();
}
}
} }
} }
return tokenValue;
}
} }
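Review bot: The cookie fallback added to `getToken` makes the JWT an ambient credential: once the browser holds `Authorization-cookie`, it attaches the token to cross-site requests automatically, so a request is authenticated even when the caller never sets the `Authorization` header. State-changing endpoints therefore need CSRF protection, which this section does not show; it may exist elsewhere in the filter chain and should be confirmed before merging. In `addTokenToResponse` the cookie is `HttpOnly` but not limited to HTTPS, so add `cookie.setSecure(true);` after `cookie.setHttpOnly(true);`. `javax.servlet.http.Cookie` has no SameSite setter, so that attribute would have to be written through the `Set-Cookie` header. The cookie is also created without an explicit path or max age, so its lifetime is not tied to the token's expiry, and nothing visible here clears it on logout.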