Example 1 with SameSiteCookie

Use of org.wso2.carbon.core.SameSiteCookie in project carbon-identity-framework by wso2.

Class FrameworkUtils, method setCookie.

public static void setCookie(HttpServletRequest req, HttpServletResponse resp, String cookieName, String id, Integer age, SameSiteCookie setSameSite, String path) {
    CookieBuilder cookieBuilder = new CookieBuilder(cookieName, id);
    IdentityCookieConfig cookieConfig = IdentityUtil.getIdentityCookieConfig(cookieName);
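    if (cookieConfig != null) {
        // A per-cookie configuration exists for this name: delegate the attributes to it.
        updateCookieConfig(cookieBuilder, cookieConfig, age, path);
    } else {
        // No configuration for this cookie: default to Secure and HttpOnly,
        // and apply the SameSite value passed by the caller.
        cookieBuilder.setSecure(true);
        cookieBuilder.setHttpOnly(true);
        cookieBuilder.setPath(StringUtils.isNotBlank(path) ? path : ROOT_DOMAIN);
        cookieBuilder.setSameSite(setSameSite);
        if (age != null) {
            cookieBuilder.setMaxAge(age);
        }
    }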
    resp.addCookie(cookieBuilder.build());
}
Also used : CookieBuilder(org.wso2.carbon.identity.core.model.CookieBuilder) IdentityCookieConfig(org.wso2.carbon.identity.core.model.IdentityCookieConfig)

Example 2 with SameSiteCookie

Use of org.wso2.carbon.core.SameSiteCookie in project carbon-identity-framework by wso2.

Class FrameworkUtils, method removeCookie.

public static void removeCookie(HttpServletRequest req, HttpServletResponse resp, String cookieName, SameSiteCookie sameSiteCookie, String path) {
    Cookie[] cookies = req.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(cookieName)) {
                CookieBuilder cookieBuilder = new CookieBuilder(cookieName, cookie.getValue());
                IdentityCookieConfig cookieConfig = IdentityUtil.getIdentityCookieConfig(cookieName);
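                if (cookieConfig != null) {
                    // A per-cookie configuration exists for this name: delegate the attributes to it.
                    updateCookieConfig(cookieBuilder, cookieConfig, 0, path);
                } else {
                    // No configuration for this cookie: same defaults as in setCookie.
                    cookieBuilder.setHttpOnly(true);
                    cookieBuilder.setSecure(true);
                    cookieBuilder.setPath(StringUtils.isNotBlank(path) ? path : ROOT_DOMAIN);
                    cookieBuilder.setSameSite(sameSiteCookie);
                }
                // A Max-Age of 0 tells the browser to expire the cookie.
                cookieBuilder.setMaxAge(0);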
                resp.addCookie(cookieBuilder.build());
                break;
            }
        }
    }
}
Also used : SameSiteCookie(org.wso2.carbon.core.SameSiteCookie) Cookie(javax.servlet.http.Cookie) CookieBuilder(org.wso2.carbon.identity.core.model.CookieBuilder) IdentityCookieConfig(org.wso2.carbon.identity.core.model.IdentityCookieConfig)

Example 3 with SameSiteCookie

Use of org.wso2.carbon.core.SameSiteCookie in project carbon-identity-framework by wso2.

Class IdentityConfigParser, method buildCookieConfig.

private void buildCookieConfig() {
    OMElement cookiesConfig = this.getConfigElement(IdentityConstants.COOKIES_CONFIG);
    if (cookiesConfig != null) {
        Iterator<OMElement> cookies = cookiesConfig.getChildrenWithName(new QName(IdentityCoreConstants.IDENTITY_DEFAULT_NAMESPACE, IdentityConstants.COOKIE));
        if (cookies != null) {
            while (cookies.hasNext()) {
                OMElement cookie = cookies.next();
                String cookieName = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_NAME));
                if (StringUtils.isBlank(cookieName)) {
                    throw IdentityRuntimeException.error("Cookie name not defined correctly");
                }
                IdentityCookieConfig cookieConfig = new IdentityCookieConfig(cookieName);
                String domain = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_DOMAIN));
                if (StringUtils.isNotBlank(domain)) {
                    cookieConfig.setDomain(domain);
                }
                String path = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_PATH));
                if (StringUtils.isNotBlank(path)) {
                    cookieConfig.setPath(path);
                }
                String comment = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_COMMENT));
                if (StringUtils.isNotBlank(comment)) {
                    cookieConfig.setComment(comment);
                }
                String version = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_VERSION));
                if (StringUtils.isNotBlank(version)) {
                    cookieConfig.setVersion(Integer.valueOf(version));
                }
                String maxAge = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_MAX_AGE));
                if (StringUtils.isNotBlank(maxAge)) {
                    cookieConfig.setMaxAge(Integer.valueOf(maxAge));
                }
                String secure = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_SECURE));
                if (StringUtils.isNotBlank(secure)) {
                    cookieConfig.setSecure(Boolean.valueOf(secure));
                }
                String httpOnly = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_HTTP_ONLY));
                if (StringUtils.isNotBlank(httpOnly)) {
                    cookieConfig.setIsHttpOnly(Boolean.valueOf(httpOnly));
                }
                String sameSiteString = cookie.getAttributeValue(new QName(IdentityConstants.COOKIE_SAME_SITE));
                if (StringUtils.isNotEmpty(sameSiteString)) {
                    try {
                        SameSiteCookie sameSite = SameSiteCookie.valueOf(sameSiteString);
                        cookieConfig.setSameSite(sameSite);
                    } catch (IllegalArgumentException ex) {
                        throw new IllegalArgumentException("sameSite value should be Strict or Lax or None. ", ex);
                    }
                }
                // Add the config to container
                identityCookieConfigurationHolder.put(cookieName, cookieConfig);
            }
        }
    }
}
Also used : QName(javax.xml.namespace.QName) IdentityCookieConfig(org.wso2.carbon.identity.core.model.IdentityCookieConfig) OMElement(org.apache.axiom.om.OMElement) SameSiteCookie(org.wso2.carbon.core.SameSiteCookie)

Aggregations

IdentityCookieConfig (org.wso2.carbon.identity.core.model.IdentityCookieConfig) 3
SameSiteCookie (org.wso2.carbon.core.SameSiteCookie) 2
CookieBuilder (org.wso2.carbon.identity.core.model.CookieBuilder) 2
Cookie (javax.servlet.http.Cookie) 1
QName (javax.xml.namespace.QName) 1
OMElement (org.apache.axiom.om.OMElement) 1