Commit 4e56645f authored by Falucho's avatar Falucho

Se comienza a trabajar con JWT

parent a236c04e
......@@ -65,22 +65,21 @@ public class UserLoginBean implements Serializable {
this.repassword = repassword;
}
public void login() {
public String login() {
String token = securityLocal.login(user);
if (token != null) {
session.setToken(token);
session.setUser(user);
// return "gestionhechos";
return "jsf/gestionhechos";
} else {
FacesContext.getCurrentInstance().addMessage(
null,
new FacesMessage(FacesMessage.SEVERITY_WARN,
"Ingreso Incorrecto",
"Por favor verificar los datos ingresados"));
// return "";
}
return "";
}
public String register() {
......@@ -92,7 +91,7 @@ public class UserLoginBean implements Serializable {
//TODO
if (valid) {
final var s = securityLocal.register(user);
return "gestionhechos";
return "jsf/gestionhechos";
} else {
FacesContext.getCurrentInstance().addMessage(
null,
......
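Review bot: In `register()`, the value returned by `securityLocal.register(user)` is assigned to `s` and never used, yet the method navigates straight to `jsf/gestionhechos`, so a freshly registered user is sent to the protected view without `session.setToken(...)` ever being called. Because the outcome has no `?faces-redirect=true`, JSF presumably forwards server-side, and a `@WebFilter` declared without `dispatcherTypes` is applied to REQUEST dispatches only, so `JwtFilter` on `/jsf/*` would not see this navigation; the same applies to `return "jsf/gestionhechos";` in `login()`. If `register` returns a token the way `login` does, store it with `session.setToken(s); session.setUser(user);` and return `"jsf/gestionhechos?faces-redirect=true"`; otherwise send the user to the login view. `register()` starts and ends outside the hunk.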
......@@ -2,46 +2,52 @@ package uy.edu.fing.tse.jsf.security;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import uy.edu.fing.tse.jsf.session.SessionBean;
import javax.inject.Inject;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
//@WebFilter("/jsf/*")
//public class JwtFilter implements javax.servlet.Filter {
// @Override
// public void init(FilterConfig filterConfig) throws ServletException {
//
// }
//
// @Override
// public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
// final HttpServletRequest request = (HttpServletRequest) req;
// final HttpServletResponse response = (HttpServletResponse) res;
//
// final String authHeader = request.getHeader("Authorization");
// if (authHeader == null || !authHeader.startsWith("Bearer ")) {
// //TODO se puede hacer un send Redirect para enviarlo al Login
// response.setStatus(401);
// return;
// }
//
// try {
// final String token = authHeader.substring(7); // The part after "Bearer "
// final Claims claims = Jwts.parser().setSigningKey("1q2w3e4r5t6y7u8i9o0p").parseClaimsJws(token).getBody();
// request.setAttribute("claims", claims);
// } catch (final Exception e) {
// response.setStatus(401);
// return;
// }
//
// chain.doFilter(req, res);
// }
//
// @Override
// public void destroy() {
//
// }
//}
@WebFilter("/jsf/*")
public class JwtFilter implements javax.servlet.Filter {
@Inject
private SessionBean session;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) req;
final HttpServletResponse response = (HttpServletResponse) res;
final var token = session.getToken();
if (token == null) {
//TODO se puede hacer un send Redirect para enviarlo al Login
response.setStatus(401);
response.sendRedirect(request.getContextPath() + "/login.xhtml");
return;
}
try {
final Claims claims = Jwts.parser().setSigningKey("1q2w3e4r5t6y7u8i9o0p").parseClaimsJws(token).getBody();
request.setAttribute("claims", claims);
} catch (final Exception e) {
session.invalidate();
response.setStatus(401);
return;
}
chain.doFilter(req, res);
}
@Override
public void destroy() {
}
}
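Review bot: The JWT signing key is a string literal in `doFilter` (`setSigningKey("1q2w3e4r5t6y7u8i9o0p")`), so anyone with read access to the repository holds the secret that authenticates every token, and it cannot be rotated without a rebuild. Load it once in `init` from deployment configuration kept outside version control and pass the field instead, `Jwts.parser().setSigningKey(signingKey)`; the committed literal should be treated as exposed and replaced, presumably also wherever `securityLocal` signs the tokens. In the `token == null` branch the `setStatus(401)` is overwritten by `sendRedirect`, which sends its own redirect status, while the `catch` branch returns a bare 401 with no redirect; pick one behaviour for both. The commented-out copy of the old filter above the class carries the same key and can be deleted.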
......@@ -3,9 +3,7 @@ package uy.edu.fing.tse.jsf.session;
import uy.edu.fing.tse.dto.UserBO;
import javax.enterprise.context.SessionScoped;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.servlet.http.HttpServletResponse;
import java.io.Serializable;
@SessionScoped
......@@ -34,11 +32,15 @@ public class SessionBean implements Serializable {
this.user = user;
}
public void putToken() {
public String makeToken() {
if (token == null) {
return;
return null;
}
HttpServletResponse response = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
response.setHeader("Authorization", "Bearer " + token);
return "Bearer " + token;
}
public void invalidate() {
token = null;
user = null;
}
}
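Review bot: `invalidate()` only sets `token` and `user` to null; the HTTP session and its id stay alive, which the name does not suggest and which matters because `JwtFilter` calls it when token validation fails. Either rename it (for example `clear()`) and add a Javadoc line such as `/** Clears the stored token and user; does not end the HTTP session. */`, or end the session where the failure is detected. Since the filter runs outside a Faces request, that would belong in `JwtFilter` rather than here, e.g. `final HttpSession s = request.getSession(false); if (s != null) s.invalidate();`. `makeToken()` also has no Javadoc saying it returns null when no token is set.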
......@@ -31,8 +31,11 @@
</style>
<title>BackOffice - feiknius</title>
<f:metadata>
<f:viewAction action="#{sessionBean.putToken()}"/>
<!--<f:event type="preRenderView" listener="#{sessionBean.putToken()}"/>-->
</f:metadata>
</h:head>
<h:body>
<header>
......@@ -40,7 +43,6 @@
</header>
<!-- Menús, headers y todo lo que vaya antes del contenido -->
<p:messages/>
<f:event type="preRenderView" listener="#{sessionBean.putToken()}"/>
<ui:insert name="contenido">
Contenido por defecto para que no quede en blanco...
</ui:insert>
......
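Review bot: The `f:viewAction` (and the commented-out `f:event`) still reference `#{sessionBean.putToken()}`, which this commit renames to `makeToken()` in SessionBean; if the `f:viewAction` line is on the new side, the view will fail when the EL method is resolved. Renaming the reference is not enough, because `makeToken()` now returns the `Bearer …` string and a `viewAction` would treat a String result as a navigation outcome. Drop the `f:viewAction` and let `JwtFilter` read the token from the session bean, as it already does.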
......@@ -23,10 +23,13 @@
<f:facet name="footer">
<h:commandButton value="Register" action="register.xhmtl?faces-redirect=true"
<h:commandButton styleClass="btn btn-primary" value="Crear Usuario"
action="register.xhmtl?faces-redirect=true"
update="form" async="true" process="@this"/>
<h:commandButton value="Login" action="#{userLoginView.login()}" update="form"/>
<h:commandButton styleClass="btn btn-primary"
value="Login" action="#{userLoginView.login()}"
update="form"/>
</f:facet>
<h:inputHidden id="token" value="#{sessionBean.token}"/>
</h:panelGrid>
......
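Review bot: `<h:inputHidden id="token" value="#{sessionBean.token}"/>` writes the session's JWT into the login page markup and, being an input component, presumably lets a form postback write a client-supplied value back into `sessionBean.token`. `JwtFilter` reads the token from the session bean, so the browser does not need it; remove the hidden field, or use a read-only output component if it is only there for debugging. Separately, both versions of the register button navigate to `register.xhmtl`, which looks like a typo for `register.xhtml`.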