Commit 84d9e447 authored by Falucho's avatar Falucho

JWT con COokie

parent 4e56645f
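--- a/UserLoginBean.java
+++ b/UserLoginBean.java
@@ -15,8 +15,14 @@ import javax.faces.application.FacesMessage;
 import javax.faces.context.FacesContext;
 import javax.inject.Inject;
 import javax.inject.Named;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
 import java.io.Serializable;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 @RequestScoped
 @Named("userLoginView")
@@ -43,6 +49,8 @@ public class UserLoginBean implements Serializable {
 final UserBO user = new UserBO();
+@NotEmpty
+@Size(min = 8, message = "Password must have at least 8 characters")
 private String repassword;
 public List<Role> getRoles() {
@@ -69,6 +77,7 @@ public class UserLoginBean implements Serializable {
 String token = securityLocal.login(user);
 if (token != null) {
+addCookieToken(token);
 session.setToken(token);
 session.setUser(user);
 return "jsf/gestionhechos";
@@ -102,4 +111,12 @@ public class UserLoginBean implements Serializable {
 }
 }
+private void addCookieToken(final String token) {
+final Map<String, Object> properties = new HashMap<>();
+properties.put("maxAge", 31536000);
+properties.put("path", "/");
+FacesContext.getCurrentInstance().getExternalContext()
+.addResponseCookie("token", URLEncoder.encode(token, StandardCharsets.UTF_8), properties);
+}
 }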
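Review bot: The cookie written by addCookieToken in the last hunk carries the JWT that JwtFilter treats as the sole credential, yet it is set with only maxAge and path, so it is readable by any script on the page and is also sent over plain HTTP. ExternalContext.addResponseCookie takes those flags through the same properties map: `properties.put("httpOnly", true);` and `properties.put("secure", true);`. The one-year maxAge also keeps the cookie in the browser independently of the token's own expiry, which is set outside this file, so aligning the two lifetimes is worth considering. The login method patched by the third hunk starts and ends outside the shown hunks.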
...@@ -2,11 +2,10 @@ package uy.edu.fing.tse.jsf.security; ...@@ -2,11 +2,10 @@ package uy.edu.fing.tse.jsf.security;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import uy.edu.fing.tse.jsf.session.SessionBean;
import javax.inject.Inject;
import javax.servlet.*; import javax.servlet.*;
import javax.servlet.annotation.WebFilter; import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
...@@ -14,12 +13,8 @@ import java.io.IOException; ...@@ -14,12 +13,8 @@ import java.io.IOException;
@WebFilter("/jsf/*") @WebFilter("/jsf/*")
public class JwtFilter implements javax.servlet.Filter { public class JwtFilter implements javax.servlet.Filter {
@Inject
private SessionBean session;
@Override @Override
public void init(FilterConfig filterConfig) throws ServletException { public void init(FilterConfig filterConfig) throws ServletException {
} }
@Override @Override
...@@ -27,20 +22,28 @@ public class JwtFilter implements javax.servlet.Filter { ...@@ -27,20 +22,28 @@ public class JwtFilter implements javax.servlet.Filter {
final HttpServletRequest request = (HttpServletRequest) req; final HttpServletRequest request = (HttpServletRequest) req;
final HttpServletResponse response = (HttpServletResponse) res; final HttpServletResponse response = (HttpServletResponse) res;
final var token = session.getToken(); Cookie cookieToken = null;
if (token == null) { for (Cookie cookie : request.getCookies()) {
//TODO se puede hacer un send Redirect para enviarlo al Login if ("token".equals(cookie.getName())) {
cookieToken = cookie;
break;
}
}
if (cookieToken == null || cookieToken.getValue() == null) {
response.setStatus(401); response.setStatus(401);
response.sendRedirect(request.getContextPath() + "/login.xhtml"); response.sendRedirect(request.getContextPath() + "/login.xhtml");
return; return;
} }
final var token = cookieToken.getValue();
try { try {
final Claims claims = Jwts.parser().setSigningKey("1q2w3e4r5t6y7u8i9o0p").parseClaimsJws(token).getBody(); final Claims claims = Jwts.parser().setSigningKey("1q2w3e4r5t6y7u8i9o0p").parseClaimsJws(token).getBody();
request.setAttribute("claims", claims); request.setAttribute("claims", claims);
} catch (final Exception e) { } catch (final Exception e) {
session.invalidate();
response.setStatus(401); response.setStatus(401);
response.sendRedirect(request.getContextPath() + "/login.xhtml");
return; return;
} }
......
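Review bot: `request.getCookies()` returns null when the request carries no Cookie header, so the for loop added in the third hunk throws a NullPointerException on a browser's first visit instead of redirecting to the login page. Guard the array before iterating, e.g. `final Cookie[] cookies = request.getCookies();` followed by `if (cookies != null) { for (Cookie cookie : cookies) { ... } }`. The catch block that follows still uses the signing key written as a string literal in this filter; moving it to configuration is outside this commit but worth a follow-up, and note that `response.setStatus(401)` immediately before `sendRedirect` is overwritten by the redirect status. doFilter starts and ends outside the hunk.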
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" <html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui" xmlns:p="http://primefaces.org/ui"
xmlns:h="http://xmlns.jcp.org/jsf/html" xmlns:f="http://xmlns.jcp.org/jsf/core" xmlns:h="http://xmlns.jcp.org/jsf/html"
> >
<h:head> <h:head>
<style type="text/css"> <style type="text/css">
...@@ -30,11 +30,8 @@ ...@@ -30,11 +30,8 @@
</style> </style>
<title>BackOffice - feiknius</title> <title>BackOffice - feiknius</title>
<f:metadata>
<f:viewAction action="#{sessionBean.putToken()}"/>
<!--<f:event type="preRenderView" listener="#{sessionBean.putToken()}"/>-->
</f:metadata>
</h:head> </h:head>
<h:body> <h:body>
......
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
<h:form> <h:form>
<p:outputPanel style="font-size: 30px;text-align: center"> <p:outputPanel style="font-size: 30px;text-align: center">
<h:outputText value="Bienvenido "/> <h:outputText value="Bienvenido "/>
<h:outputText value="#{userLoginView.user.mail}"/> <h:outputText value="#{sessionBean.user.mail}"/>
</p:outputPanel> </p:outputPanel>
<p:dataTable var="hecho" id="dataHecho" value="#{gestionHechos.filteredFacts}" widgetVar="NoticiasTable" <p:dataTable var="hecho" id="dataHecho" value="#{gestionHechos.filteredFacts}" widgetVar="NoticiasTable"
......