Commit 84d9e447 authored by Falucho's avatar Falucho

JWT con COokie

parent 4e56645f
......@@ -15,8 +15,14 @@ import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import java.io.Serializable;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@RequestScoped
@Named("userLoginView")
......@@ -43,6 +49,8 @@ public class UserLoginBean implements Serializable {
final UserBO user = new UserBO();
@NotEmpty
@Size(min = 8, message = "Password must have at least 8 characters")
private String repassword;
public List<Role> getRoles() {
......@@ -69,6 +77,7 @@ public class UserLoginBean implements Serializable {
String token = securityLocal.login(user);
if (token != null) {
addCookieToken(token);
session.setToken(token);
session.setUser(user);
return "jsf/gestionhechos";
......@@ -102,4 +111,12 @@ public class UserLoginBean implements Serializable {
}
}
private void addCookieToken(final String token) {
final Map<String, Object> properties = new HashMap<>();
properties.put("maxAge", 31536000);
properties.put("path", "/");
FacesContext.getCurrentInstance().getExternalContext()
.addResponseCookie("token", URLEncoder.encode(token, StandardCharsets.UTF_8), properties);
}
}
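Review bot: The cookie built in `addCookieToken` keeps the JWT in the browser for a year (`maxAge` 31536000) but sets neither `secure` nor `httpOnly`, so the token can travel over plain HTTP and is readable by any script running in the page. Add `properties.put("secure", true);` and `properties.put("httpOnly", true);` before the `addResponseCookie` call; whether the `httpOnly` key is honoured depends on the JSF version in use, so confirm it in the emitted `Set-Cookie` header. The token's own expiry is not visible here, but `maxAge` should not exceed it, otherwise a stale credential stays in the browser long after it stops being valid. The login method that calls `addCookieToken` starts outside the hunk.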
......@@ -2,11 +2,10 @@ package uy.edu.fing.tse.jsf.security;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import uy.edu.fing.tse.jsf.session.SessionBean;
import javax.inject.Inject;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
......@@ -14,12 +13,8 @@ import java.io.IOException;
@WebFilter("/jsf/*")
public class JwtFilter implements javax.servlet.Filter {
@Inject
private SessionBean session;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
......@@ -27,20 +22,28 @@ public class JwtFilter implements javax.servlet.Filter {
final HttpServletRequest request = (HttpServletRequest) req;
final HttpServletResponse response = (HttpServletResponse) res;
final var token = session.getToken();
if (token == null) {
//TODO se puede hacer un send Redirect para enviarlo al Login
Cookie cookieToken = null;
for (Cookie cookie : request.getCookies()) {
if ("token".equals(cookie.getName())) {
cookieToken = cookie;
break;
}
}
if (cookieToken == null || cookieToken.getValue() == null) {
response.setStatus(401);
response.sendRedirect(request.getContextPath() + "/login.xhtml");
return;
}
final var token = cookieToken.getValue();
try {
final Claims claims = Jwts.parser().setSigningKey("1q2w3e4r5t6y7u8i9o0p").parseClaimsJws(token).getBody();
request.setAttribute("claims", claims);
} catch (final Exception e) {
session.invalidate();
response.setStatus(401);
response.sendRedirect(request.getContextPath() + "/login.xhtml");
return;
}
......
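Review bot: `request.getCookies()` returns null when the request carries no cookies, so the `for` loop in `doFilter` throws a NullPointerException for exactly the unauthenticated visitor who should be redirected to the login page. Guard it with `final Cookie[] cookies = request.getCookies();` and wrap the loop in `if (cookies != null) { ... }`. Now that the cookie is the only credential the filter checks, the signing key carries the whole trust decision, and the section shows it as a string literal passed to `setSigningKey`; that line probably predates this commit, but the key should come from configuration or a secret store rather than from source. The `response.setStatus(401)` before each `sendRedirect` has no effect, because the redirect replaces the status. `doFilter` begins and ends outside the visible hunk.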
......@@ -2,7 +2,7 @@
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui"
xmlns:h="http://xmlns.jcp.org/jsf/html" xmlns:f="http://xmlns.jcp.org/jsf/core"
xmlns:h="http://xmlns.jcp.org/jsf/html"
>
<h:head>
<style type="text/css">
......@@ -30,11 +30,8 @@
</style>
<title>BackOffice - feiknius</title>
<f:metadata>
<f:viewAction action="#{sessionBean.putToken()}"/>
<!--<f:event type="preRenderView" listener="#{sessionBean.putToken()}"/>-->
</f:metadata>
</h:head>
<h:body>
......
......@@ -12,7 +12,7 @@
<h:form>
<p:outputPanel style="font-size: 30px;text-align: center">
<h:outputText value="Bienvenido "/>
<h:outputText value="#{userLoginView.user.mail}"/>
<h:outputText value="#{sessionBean.user.mail}"/>
</p:outputPanel>
<p:dataTable var="hecho" id="dataHecho" value="#{gestionHechos.filteredFacts}" widgetVar="NoticiasTable"
......