Use of `org.keycloak.common.util.ServerCookie.SameSiteAttributeValue` in project keycloak by keycloak:
the class `CookieHelper`, method `addCookie`.
/**
 * Adds a {@code Set-Cookie} header to the current RESTEasy response.
 * <p>
 * This exists only because JAX-RS 1.1 cannot set the {@code HttpOnly} attribute, so the header
 * value is serialised by hand through {@link ServerCookie#appendCookieValue}.
 * <p>
 * Attribute handling a caller should be aware of:
 * <ul>
 * <li>A deletion cookie ({@code maxAge == 0}) is emitted without any {@code SameSite}
 *     attribute: some browsers reject such a header and would then leave the original cookie
 *     in place, which can even lock the user out of their application.</li>
 * <li>Browsers only accept {@code SameSite=None} together with {@code Secure}, so {@code Secure}
 *     is forced on in that case regardless of the {@code secure} argument.</li>
 * <li>For {@code SameSite=None} a second "legacy" cookie named {@code name + LEGACY_COOKIE} is
 *     emitted with no {@code SameSite} attribute, for browsers on older Apple OSs that drop
 *     {@code SameSite=None} cookies. NOTE(review): that fallback cookie carries no SameSite
 *     restriction at all, so SameSite cannot be relied on as the only cross-site protection
 *     for this cookie name.</li>
 * </ul>
 * NOTE(review): no CR/LF or character validation of {@code name}/{@code value} happens here;
 * it is assumed {@link ServerCookie#appendCookieValue} quotes or rejects unsafe input — confirm.
 *
 * @param name     cookie name
 * @param value    cookie value
 * @param path     {@code Path} attribute
 * @param domain   {@code Domain} attribute
 * @param comment  {@code Comment} attribute
 * @param maxAge   {@code Max-Age} in seconds; {@code 0} requests deletion of the cookie
 * @param secure   whether to set {@code Secure} (forced on when {@code SameSite=None} is emitted)
 * @param httpOnly whether to set {@code HttpOnly}
 * @param sameSite requested {@code SameSite} attribute, or {@code null} for none
 */
public static void addCookie(String name, String value, String path, String domain, String comment, int maxAge, boolean secure, boolean httpOnly, SameSiteAttributeValue sameSite) {
    final SameSiteAttributeValue requestedSameSite = sameSite;
    final boolean deletion = maxAge == 0;

    // Deletion cookies go out without SameSite: a browser that rejects the header would leave
    // the original cookie untouched, which can even prevent the user from reaching their app.
    final SameSiteAttributeValue effectiveSameSite = deletion ? null : sameSite;

    // Browsers require Secure whenever SameSite=None is present on the header.
    final boolean forceSecure = effectiveSameSite == SameSiteAttributeValue.NONE;
    final boolean effectiveSecure = secure || forceSecure;

    HttpResponse response = Resteasy.getContextData(HttpResponse.class);

    StringBuffer header = new StringBuffer();
    ServerCookie.appendCookieValue(header, 1, name, value, path, domain, comment, maxAge, effectiveSecure, httpOnly, effectiveSameSite);
    response.getOutputHeaders().add(HttpHeaders.SET_COOKIE, header.toString());

    // Browsers on older Apple OSs ignore cookies with SameSite=None, so also emit a "legacy"
    // twin without the attribute. The recursive call passes null, so it cannot recurse again.
    if (requestedSameSite == SameSiteAttributeValue.NONE) {
        addCookie(name + LEGACY_COOKIE, value, path, domain, comment, maxAge, secure, httpOnly, null);
    }
}