diff --git a/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java b/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
index ef39f8aa6779c4944543537b8e65839342f1debf..8a3ae8fbcfaa04dc42cacaf255902827a29b901b 100644
--- a/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
+++ b/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
@@ -15,8 +15,14 @@ import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
import java.io.Serializable;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
@RequestScoped
@Named("userLoginView")
@@ -43,6 +49,8 @@ public class UserLoginBean implements Serializable {
final UserBO user = new UserBO();
+ @NotEmpty
+ @Size(min = 8, message = "Password must have at least 8 characters")
private String repassword;
public List<Role> getRoles() {
@@ -69,6 +77,7 @@ public class UserLoginBean implements Serializable {
String token = securityLocal.login(user);
if (token != null) {
+ addCookieToken(token);
session.setToken(token);
session.setUser(user);
return "jsf/gestionhechos";
@@ -102,4 +111,12 @@ public class UserLoginBean implements Serializable {
}
}
+ private void addCookieToken(final String token) {
+ final Map<String, Object> properties = new HashMap<>();
+ properties.put("maxAge", 31536000);
+ properties.put("path", "/");
+ FacesContext.getCurrentInstance().getExternalContext()
+ .addResponseCookie("token", URLEncoder.encode(token, StandardCharsets.UTF_8), properties);
+ }
+
}
diff --git a/backoffice/src/main/java/uy/edu/fing/tse/jsf/security/JwtFilter.java b/backoffice/src/main/java/uy/edu/fing/tse/jsf/security/JwtFilter.java
index 91f644a0966bd56a107cbf2820e558f86b112047..b0bc473fa49141c66d6b5164bc2d37c8220041ad 100644
--- a/backoffice/src/main/java/uy/edu/fing/tse/jsf/security/JwtFilter.java
+++ b/backoffice/src/main/java/uy/edu/fing/tse/jsf/security/JwtFilter.java
@@ -2,11 +2,10 @@ package uy.edu.fing.tse.jsf.security;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
-import uy.edu.fing.tse.jsf.session.SessionBean;
-import javax.inject.Inject;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@@ -14,12 +13,8 @@ import java.io.IOException;
@WebFilter("/jsf/*")
public class JwtFilter implements javax.servlet.Filter {
- @Inject
- private SessionBean session;
-
@Override
public void init(FilterConfig filterConfig) throws ServletException {
-
}
@Override
@@ -27,20 +22,28 @@ public class JwtFilter implements javax.servlet.Filter {
final HttpServletRequest request = (HttpServletRequest) req;
final HttpServletResponse response = (HttpServletResponse) res;
- final var token = session.getToken();
- if (token == null) {
- //TODO se puede hacer un send Redirect para enviarlo al Login
+ Cookie cookieToken = null;
+ for (Cookie cookie : request.getCookies()) {
+ if ("token".equals(cookie.getName())) {
+ cookieToken = cookie;
+ break;
+ }
+ }
+
+ if (cookieToken == null || cookieToken.getValue() == null) {
response.setStatus(401);
response.sendRedirect(request.getContextPath() + "/login.xhtml");
return;
}
+ final var token = cookieToken.getValue();
+
try {
final Claims claims = Jwts.parser().setSigningKey("1q2w3e4r5t6y7u8i9o0p").parseClaimsJws(token).getBody();
request.setAttribute("claims", claims);
} catch (final Exception e) {
- session.invalidate();
response.setStatus(401);
+ response.sendRedirect(request.getContextPath() + "/login.xhtml");
return;
}
diff --git a/backoffice/src/main/webapp/WEB-INF/templates/template.xhtml b/backoffice/src/main/webapp/WEB-INF/templates/template.xhtml
index 51e065b0717417557bca3b0ad597394c81960ffa..62700bce971f7e42f2aa21ec49a73fd492aca5ad 100644
--- a/backoffice/src/main/webapp/WEB-INF/templates/template.xhtml
+++ b/backoffice/src/main/webapp/WEB-INF/templates/template.xhtml
@@ -2,7 +2,7 @@
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui"
- xmlns:h="http://xmlns.jcp.org/jsf/html" xmlns:f="http://xmlns.jcp.org/jsf/core"
+ xmlns:h="http://xmlns.jcp.org/jsf/html"
>
<h:head>
<style type="text/css">
@@ -30,11 +30,8 @@
</style>
+
<title>BackOffice - feiknius</title>
- <f:metadata>
- <f:viewAction action="#{sessionBean.putToken()}"/>
- <!--<f:event type="preRenderView" listener="#{sessionBean.putToken()}"/>-->
- </f:metadata>
</h:head>
<h:body>
diff --git a/backoffice/src/main/webapp/jsf/gestionhechos.xhtml b/backoffice/src/main/webapp/jsf/gestionhechos.xhtml
index 1780f2f7770da9e95f8262157d494ef7daf719cd..2ef7c6a053e36441b929619b1acfd8f9f7dd0e5e 100644
--- a/backoffice/src/main/webapp/jsf/gestionhechos.xhtml
+++ b/backoffice/src/main/webapp/jsf/gestionhechos.xhtml
@@ -12,7 +12,7 @@
<h:form>
<p:outputPanel style="font-size: 30px;text-align: center">
<h:outputText value="Bienvenido "/>
- <h:outputText value="#{userLoginView.user.mail}"/>
+ <h:outputText value="#{sessionBean.user.mail}"/>
</p:outputPanel>
<p:dataTable var="hecho" id="dataHecho" value="#{gestionHechos.filteredFacts}" widgetVar="NoticiasTable"