use of io.undertow.server.handlers.Cookie in project undertow by undertow-io.
the class SingleSignOnAuthenticationMechanism method authenticate.
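/**
 * Tries to authenticate the request from an existing single sign-on (SSO) cookie.
 *
 * <p>When the request carries the SSO cookie, its value is looked up in the
 * {@code singleSignOnManager}. If an entry exists and the identity manager still verifies the
 * entry's account, the exchange's session is registered with the entry, authentication is
 * completed under the mechanism name stored in the entry, and a receiver is registered that
 * removes the entry on {@code LOGGED_OUT}. A cookie with no matching entry is cleared.
 *
 * <p>The cookie value alone selects the SSO entry, so it is handled as a credential: trace
 * messages identify the cookie by its configured name and do not include the value.
 *
 * @param exchange the exchange whose request cookies are inspected
 * @param securityContext the context that receives the authentication result
 * @return {@code AUTHENTICATED} when a matching SSO entry with a verified account was found;
 *         {@code NOT_ATTEMPTED} otherwise, so that other mechanisms can run
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    Cookie cookie = exchange.getRequestCookies().get(cookieName);
    if (cookie != null) {
        final String ssoId = cookie.getValue();
        // The value comes straight from the request and, when valid, is enough to obtain the
        // account below; log the cookie name only so log readers cannot replay it.
        log.tracef("Found SSO cookie %s", cookieName);
        try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) {
            if (sso != null) {
                if (log.isTraceEnabled()) {
                    log.tracef("SSO session found for cookie %s", cookieName);
                }
                // Re-verify on every request: the account stored in the SSO entry may have been
                // removed or changed since the entry was created.
                Account verified = getIdentityManager(securityContext).verify(sso.getAccount());
                if (verified == null) {
                    if (log.isTraceEnabled()) {
                        log.tracef("Account not found. Returning 'not attempted' here.");
                    }
                    //we return not attempted here to allow other mechanisms to proceed as normal
                    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
                }
                final Session session = getSession(exchange);
                registerSessionIfRequired(sso, session);
                securityContext.authenticationComplete(verified, sso.getMechanismName(), false);
                // Drop the SSO entry as soon as this security context reports a logout.
                securityContext.registerNotificationReceiver(new NotificationReceiver() {
                    @Override
                    public void handleNotification(SecurityNotification notification) {
                        if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
                            singleSignOnManager.removeSingleSignOn(sso);
                        }
                    }
                });
                log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName());
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
        // Only reached when the manager had no entry for the presented value: remove the
        // stale or unknown cookie from the client.
        clearSsoCookie(exchange);
    }
    exchange.addResponseWrapper(responseListener);
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}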
use of io.undertow.server.handlers.Cookie in project undertow by undertow-io.
the class SessionCookieConfig method clearSession.
/**
 * Replaces the session cookie on the response with an expiring copy.
 *
 * <p>The replacement carries the configured name, path, domain, discard, secure and http-only
 * settings and a max-age of 0, which asks the client to drop the cookie.
 *
 * @param exchange the exchange whose response receives the cookie
 * @param sessionId the session id placed in the expiring cookie
 */
@Override
public void clearSession(final HttpServerExchange exchange, final String sessionId) {
    final CookieImpl expired = new CookieImpl(cookieName, sessionId);
    expired.setPath(path);
    expired.setDomain(domain);
    expired.setDiscard(discard);
    expired.setSecure(secure);
    expired.setHttpOnly(httpOnly);
    expired.setMaxAge(0);
    exchange.setResponseCookie(expired);
    // NOTE(review): the session id is written to the trace log; whether it is still usable at
    // this point depends on the caller - treat trace output of this logger as sensitive.
    UndertowLogger.SESSION_LOGGER.tracef("Clearing session cookie session id %s on %s", sessionId, exchange);
}
use of io.undertow.server.handlers.Cookie in project undertow by undertow-io.
the class SessionCookieConfig method setSessionId.
/**
 * Writes the session cookie for {@code sessionId} to the response.
 *
 * <p>The cookie is built from the configured name, path, domain, discard, secure, http-only and
 * comment settings. A max-age is set only when the configured value is positive.
 *
 * @param exchange the exchange whose response receives the cookie
 * @param sessionId the session id to send to the client
 */
@Override
public void setSessionId(final HttpServerExchange exchange, final String sessionId) {
    final CookieImpl sessionCookie = new CookieImpl(cookieName, sessionId);
    sessionCookie.setPath(path);
    sessionCookie.setDomain(domain);
    sessionCookie.setDiscard(discard);
    sessionCookie.setSecure(secure);
    sessionCookie.setHttpOnly(httpOnly);
    sessionCookie.setComment(comment);
    if (maxAge > 0) {
        sessionCookie.setMaxAge(maxAge);
    }
    exchange.setResponseCookie(sessionCookie);
    // NOTE(review): this logs the live session id at trace level; anyone who can read the
    // trace log of this logger can see ids of active sessions.
    UndertowLogger.SESSION_LOGGER.tracef("Setting session cookie session id %s on %s", sessionId, exchange);
}
use of io.undertow.server.handlers.Cookie in project undertow by undertow-io.
the class Cookies method parseCookie.
/**
 * Parses one request cookie header value into {@link Cookie} objects and adds them to
 * {@code parsedCookies}.
 *
 * <p>The header is scanned one character at a time with a small state machine:
 * <ul>
 *   <li>0 - skipping separators (space, tab, ';') before a name</li>
 *   <li>1 - reading a name, up to '='</li>
 *   <li>2 - reading an unquoted value, up to ';'</li>
 *   <li>3 - reading a quoted value, up to the closing '"'</li>
 *   <li>4 - discarding the rest of a value that contained '=' when that is not allowed</li>
 * </ul>
 * Each completed pair is handed to {@code createCookie}, which fills the local {@code cookies}
 * and {@code additional} maps. Once the scan is done, one {@code CookieImpl} is created per
 * entry of {@code cookies}, and the domain, version and path found in {@code additional} are
 * applied to every one of them.
 *
 * @param cookie the raw header value; it is supplied by the client
 * @param parsedCookies the map that receives the parsed cookies, keyed by cookie name
 * @param maxCookies passed through to {@code createCookie}; presumably the upper bound on the
 *        number of cookies - confirm against {@code createCookie}
 * @param allowEqualInValue when {@code false}, an unquoted value ends at the first '=' it
 *        contains and the remainder up to the next ';' is skipped
 */
private static void parseCookie(final String cookie, final Map<String, Cookie> parsedCookies, int maxCookies, boolean allowEqualInValue) {
    int state = 0;
    String name = null;
    int start = 0;
    // Start counting from what earlier headers already contributed to parsedCookies.
    int cookieCount = parsedCookies.size();
    final Map<String, String> cookies = new HashMap<>();
    final Map<String, String> additional = new HashMap<>();
    for (int i = 0; i < cookie.length(); ++i) {
        char c = cookie.charAt(i);
        switch(state) {
            case 0:
                {
                    //eat leading whitespace
                    if (c == ' ' || c == '\t' || c == ';') {
                        start = i + 1;
                        break;
                    }
                    state = 1;
                    //fall through
                }
            case 1:
                {
                    //extract key
                    if (c == '=') {
                        name = cookie.substring(start, i);
                        start = i + 1;
                        state = 2;
                    } else if (c == ';') {
                        // NOTE(review): name is never reset after a pair completes, so a token
                        // without '=' that ends in ';' is passed to createCookie under the
                        // name of the previous pair - confirm this is intended.
                        if (name != null) {
                            cookieCount = createCookie(name, cookie.substring(start, i), maxCookies, cookieCount, cookies, additional);
                        } else if (UndertowLogger.REQUEST_LOGGER.isTraceEnabled()) {
                            // NOTE(review): this writes the complete header, including any
                            // session cookies in it, to the trace log.
                            UndertowLogger.REQUEST_LOGGER.trace("Ignoring invalid cookies in header " + cookie);
                        }
                        state = 0;
                        start = i + 1;
                    }
                    break;
                }
            case 2:
                {
                    //extract value
                    if (c == ';') {
                        cookieCount = createCookie(name, cookie.substring(start, i), maxCookies, cookieCount, cookies, additional);
                        state = 0;
                        start = i + 1;
                    } else if (c == '"' && start == i) {
                        //only process the " if it is the first character
                        state = 3;
                        start = i + 1;
                    } else if (!allowEqualInValue && c == '=') {
                        // Keep only the part of the value before the '=' and discard the rest.
                        cookieCount = createCookie(name, cookie.substring(start, i), maxCookies, cookieCount, cookies, additional);
                        state = 4;
                        start = i + 1;
                    }
                    break;
                }
            case 3:
                {
                    //extract quoted value
                    if (c == '"') {
                        cookieCount = createCookie(name, cookie.substring(start, i), maxCookies, cookieCount, cookies, additional);
                        state = 0;
                        start = i + 1;
                    }
                    break;
                }
            case 4:
                {
                    //skip value portion behind '='
                    if (c == ';') {
                        state = 0;
                    }
                    start = i + 1;
                    break;
                }
        }
    }
    // Only an unquoted value may be ended by the end of the header. A trailing name without
    // '=' (state 1) and a quoted value without its closing quote (state 3) are dropped.
    if (state == 2) {
        createCookie(name, cookie.substring(start), maxCookies, cookieCount, cookies, additional);
    }
    for (final Map.Entry<String, String> entry : cookies.entrySet()) {
        Cookie c = new CookieImpl(entry.getKey(), entry.getValue());
        // DOMAIN, VERSION and PATH are constants declared elsewhere in the class; the values
        // looked up here are the same for every cookie parsed from this header.
        String domain = additional.get(DOMAIN);
        if (domain != null) {
            c.setDomain(domain);
        }
        String version = additional.get(VERSION);
        if (version != null) {
            // NOTE(review): the version text appears to come from the request header via
            // createCookie; Integer.parseInt throws NumberFormatException on a non-numeric
            // value and nothing here catches it - confirm that callers handle this.
            c.setVersion(Integer.parseInt(version));
        }
        String path = additional.get(PATH);
        if (path != null) {
            c.setPath(path);
        }
        parsedCookies.put(c.getName(), c);
    }
}
use of io.undertow.server.handlers.Cookie in project spring-framework by spring-projects.
the class UndertowServerHttpRequest method initCookies.
/**
 * Builds the request's cookie map from the cookies exposed by the Undertow exchange.
 *
 * <p>Each entry of the exchange's request-cookie map becomes one {@link HttpCookie} that keeps
 * only the map key as its name and the cookie's value.
 *
 * @return a new map with one {@code HttpCookie} per request cookie
 */
@Override
protected MultiValueMap<String, HttpCookie> initCookies() {
    MultiValueMap<String, HttpCookie> result = new LinkedMultiValueMap<>();
    this.exchange.getRequestCookies().forEach(
            (name, cookie) -> result.add(name, new HttpCookie(name, cookie.getValue())));
    return result;
}