
Example 1 with SessionCookie

use of keywhiz.auth.cookie.SessionCookie in project keywhiz by square.

From class XsrfServletFilter, method doFilter (a servlet filter that enforces an XSRF token check against the session cookie):

/**
 * Enforces XSRF protection for every request whose URI is not in {@code EXCLUDED_PATHS}.
 *
 * <p>A request passes only when all three hold: the {@code xsrfHeaderName} header is present and
 * non-empty, the {@code sessionCookieName} cookie is present and non-empty, and
 * {@link XsrfProtection#isValid} accepts the header value against that cookie value. Any other
 * request is answered with HTTP 401 and never reaches the rest of the chain. The check is applied
 * regardless of HTTP method (there is no GET/HEAD exemption here).
 *
 * <p>The exclusion list is matched against the raw request URI with {@code contains}, i.e. a
 * literal whole-URI comparison: a URI that is not spelled exactly as listed is still checked,
 * so the allowlist fails closed.
 *
 * @param servletRequest incoming request; cast to {@link HttpServletRequest}
 * @param response outgoing response; cast to {@link HttpServletResponse} when an error is sent
 * @param chain the remaining filter chain, invoked only for excluded or validated requests
 * @throws IOException propagated from {@code sendError} or the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // Paths that bypass the check entirely (exact, whole-URI match).
    if (EXCLUDED_PATHS.contains(request.getRequestURI())) {
        chain.doFilter(servletRequest, response);
        return;
    }

    String presentedToken = request.getHeader(xsrfHeaderName);
    String sessionValue = lastCookieValue(request.getCookies(), sessionCookieName);

    // All three failures produce the same 401; only the server-side log line differs,
    // and the header check is reported before the cookie check.
    if (isNullOrEmpty(presentedToken)) {
        logger.info("Request missing {} header", xsrfHeaderName);
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (isNullOrEmpty(sessionValue)) {
        logger.info("Request missing {} cookie", sessionCookieName);
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (!XsrfProtection.isValid(presentedToken, sessionValue)) {
        // NOTE(review): the logged value is copied verbatim from a request header, i.e. it is
        // attacker-controlled. If the log appender does not escape control characters, consider
        // truncating or sanitizing it before logging to avoid log forging.
        logger.warn("Invalid {} header in request: {}", xsrfHeaderName, presentedToken);
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    chain.doFilter(servletRequest, response);
}

/**
 * Returns the value of the last cookie named {@code name}, or {@code null} when the request
 * carries no cookies or none with that name.
 *
 * <p>"Last one wins" when several cookies share the name (a browser may send duplicates, e.g.
 * one set for the host and one for a parent domain). NOTE(review): whichever component
 * authenticates the session must select the same cookie, or the XSRF token will be validated
 * against a different value than the one the session is bound to — confirm against the
 * session-cookie authenticator.
 *
 * @param cookies cookies from the request; may be {@code null}
 * @param name cookie name to look for (compared with {@code equals})
 * @return the last matching cookie's value, or {@code null}
 */
private static String lastCookieValue(Cookie[] cookies, String name) {
    if (cookies == null) {
        return null;
    }
    String value = null;
    for (Cookie candidate : cookies) {
        if (candidate.getName().equals(name)) {
            value = candidate.getValue();
        }
    }
    return value;
}
