From 84d9e44728d933b4eca82eadc647dfdfa7c470e3 Mon Sep 17 00:00:00 2001
From: Falucho <german.faller@pcunix71.fing.edu.uy>
Date: Tue, 25 Jun 2019 01:25:35 -0300
Subject: [PATCH] JWT con COokie
---
 .../uy/edu/fing/tse/jsf/UserLoginBean.java | 17 ++++++++++++++
 .../edu/fing/tse/jsf/security/JwtFilter.java | 23 +++++++++++--------
 .../webapp/WEB-INF/templates/template.xhtml | 7 ++----
 .../src/main/webapp/jsf/gestionhechos.xhtml | 2 +-
 4 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java b/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
index ef39f8a..8a3ae8f 100644
--- a/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
+++ b/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
@@ -15,8 +15,14 @@ import javax.faces.application.FacesMessage;
 import javax.faces.context.FacesContext;
 import javax.inject.Inject;
 import javax.inject.Named;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
 import java.io.Serializable;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 @RequestScoped
 @Named("userLoginView")
@@ -43,6 +49,8 @@ public class UserLoginBean implements Serializable {
 final UserBO user = new UserBO();
+ @NotEmpty
+ @Size(min = 8, message = "Password must have at least 8 characters")
 private String repassword;
 public List<Role> getRoles() {
@@ -69,6 +77,7 @@ public class UserLoginBean implements Serializable {
 String token = securityLocal.login(user);
 if (token != null) {
+ addCookieToken(token);
 session.setToken(token);
 session.setUser(user);
 return "jsf/gestionhechos";
@@ -102,4 +111,12 @@ public class UserLoginBean implements Serializable {
 }
 }
+ private void addCookieToken(final String token) {
+ final Map<String, Object> properties = new HashMap<>();
+ properties.put("maxAge", 31536000);
+ properties.put("path", "/");
+ FacesContext.getCurrentInstance().getExternalContext()
+ .addResponseCookie("token", URLEncoder.encode(token, StandardCharsets.UTF_8), properties);
+ }
+ }
diff --git a/backoffice/src/main/java/uy/edu/fing/tse/jsf/security/JwtFilter.java b/backoffice/src/main/java/uy/edu/fing/tse/jsf/security/JwtFilter.java
index 91f644a..b0bc473 100644
--- a/backoffice/src/main/java/uy/edu/fing/tse/jsf/security/JwtFilter.java
+++ b/backoffice/src/main/java/uy/edu/fing/tse/jsf/security/JwtFilter.java
@@ -2,11 +2,10 @@ package uy.edu.fing.tse.jsf.security;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
-import uy.edu.fing.tse.jsf.session.SessionBean;
-import javax.inject.Inject;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -14,12 +13,8 @@ import java.io.IOException;
 @WebFilter("/jsf/*")
 public class JwtFilter implements javax.servlet.Filter {
- @Inject
- private SessionBean session;
- @Override
 public void init(FilterConfig filterConfig) throws ServletException {
- }
 @Override
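Review bot: The cookie written by addCookieToken carries the bearer JWT but is created with only maxAge and path, so page scripts can read it and the browser will send it over plain HTTP; add `properties.put("httpOnly", true);` and `properties.put("secure", true);` next to the existing `path` entry (ExternalContext.addResponseCookie accepts both keys). A maxAge of 31536000 keeps the credential in the browser for a year, so unless securityLocal.login issues tokens with an `exp` claim that the filter's parseClaimsJws rejects — not visible here — the cookie lifetime is the effective session lifetime and should be aligned with the token's validity. URLEncoder.encode is a no-op for the compact JWS character set and the filter reads the raw cookie value back without decoding, which is consistent today but would mangle any token format containing reserved characters. No logout path that expires this cookie is visible in the change; if one exists it should also clear it.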
@@ -27,20 +22,28 @@ public class JwtFilter implements javax.servlet.Filter {
 final HttpServletRequest request = (HttpServletRequest) req;
 final HttpServletResponse response = (HttpServletResponse) res;
- final var token = session.getToken();
- if (token == null) {
- //TODO se puede hacer un send Redirect para enviarlo al Login
+ Cookie cookieToken = null;
+ for (Cookie cookie : request.getCookies()) {
+ if ("token".equals(cookie.getName())) {
+ cookieToken = cookie;
+ break;
+ }
+ }
+
+ if (cookieToken == null || cookieToken.getValue() == null) {
 response.setStatus(401);
 response.sendRedirect(request.getContextPath() + "/login.xhtml");
 return;
 }
+ final var token = cookieToken.getValue();
+ try {
 final Claims claims = Jwts.parser().setSigningKey("1q2w3e4r5t6y7u8i9o0p").parseClaimsJws(token).getBody();
 request.setAttribute("claims", claims);
 } catch (final Exception e) {
- session.invalidate();
 response.setStatus(401);
+ response.sendRedirect(request.getContextPath() + "/login.xhtml");
 return;
 }
diff --git a/backoffice/src/main/webapp/WEB-INF/templates/template.xhtml b/backoffice/src/main/webapp/WEB-INF/templates/template.xhtml
index 51e065b..62700bc 100644
--- a/backoffice/src/main/webapp/WEB-INF/templates/template.xhtml
+++ b/backoffice/src/main/webapp/WEB-INF/templates/template.xhtml
@@ -2,7 +2,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml"
 xmlns:ui="http://java.sun.com/jsf/facelets"
 xmlns:p="http://primefaces.org/ui"
- xmlns:h="http://xmlns.jcp.org/jsf/html" xmlns:f="http://xmlns.jcp.org/jsf/core"
+ xmlns:h="http://xmlns.jcp.org/jsf/html"
 >
 <h:head>
 <style type="text/css">
@@ -30,11 +30,8 @@
 </style>
+ <title>BackOffice - feiknius</title>
- <f:metadata>
- <f:viewAction action="#{sessionBean.putToken()}"/>
- <!--<f:event type="preRenderView" listener="#{sessionBean.putToken()}"/>-->
- </f:metadata>
 </h:head>
 <h:body>
diff --git a/backoffice/src/main/webapp/jsf/gestionhechos.xhtml b/backoffice/src/main/webapp/jsf/gestionhechos.xhtml
index 1780f2f..2ef7c6a 100644
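Review bot: The new cookie loop dereferences `request.getCookies()` unguarded, and the Servlet API returns null rather than an empty array when the request carries no cookies, so the first cookie-less hit on /jsf/* throws a NullPointerException instead of redirecting to login; replace the loop header with `final Cookie[] cookies = request.getCookies();` and `for (Cookie cookie : cookies == null ? new Cookie[0] : cookies) {`. In both failure branches `response.setStatus(401)` is immediately followed by `sendRedirect`, which sets its own 302 status, so the 401 is never sent — either drop the setStatus or answer 401 without a redirect for non-browser callers. The catch block also swallows the parse failure silently and leaves the rejected cookie in place, so a tampered or expired token is re-sent on every request; log the exception and expire the `token` cookie (maxAge 0, path "/") before redirecting. The signing-key literal on the parser line is pre-existing context, but it now validates a cookie that lives for a year and belongs in configuration rather than source. doFilter's signature and the remainder of its body lie outside the hunk.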
--- a/backoffice/src/main/webapp/jsf/gestionhechos.xhtml
+++ b/backoffice/src/main/webapp/jsf/gestionhechos.xhtml
@@ -12,7 +12,7 @@
 <h:form>
 <p:outputPanel style="font-size: 30px;text-align: center">
 <h:outputText value="Bienvenido "/>
- <h:outputText value="#{userLoginView.user.mail}"/>
+ <h:outputText value="#{sessionBean.user.mail}"/>
 </p:outputPanel>
 <p:dataTable var="hecho" id="dataHecho" value="#{gestionHechos.filteredFacts}" widgetVar="NoticiasTable"
-- 
GitLab
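Review bot: The greeting now reads `#{sessionBean.user.mail}`, which is only populated by `session.setUser(user)` at login, while access to this page is granted by JwtFilter from the `token` cookie alone; once the HTTP session expires but the year-long cookie is still valid, the filter lets the request through and `sessionBean.user` is presumably null, rendering an empty name (or an EL error if the session bean is not null-safe — not visible here). Either derive the displayed identity from the claims the filter stores in the `claims` request attribute, or have the filter treat a missing session user as unauthenticated and redirect to login. The form and data table continue outside the hunk.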