authorThomas <>2024-05-23 16:21:38 +0200
committerThomas <>2024-05-23 16:21:38 +0200
commit30f77f0ef285ccfba5dcec31c5b63d63d504ce6a (patch)
tree047b65222757a9e7e316a94401c6c9eb579f84bf
parentefb705e305d6e663f4ed651c01de623e7b0b7c56 (diff)
fix(core): enable re-setting of already existing security HTTP cookies
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java8
1 files changed, 5 insertions, 3 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
index 4b69d17b..a0a3f793 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
@@ -29,14 +29,16 @@ public class CookieBasedRequestValidator implements IHttpRequestValidator {
@Nonnull final IRequest pendingReq) throws EaafSecurityException {
try {
log.debug("Injecting authentication-process HTTP cookie ... ");
- String authProcessIdentifier = UUID.randomUUID().toString();
+ String storedAuthProcessIdentifier = pendingReq.getRawData(HTTP_COOKIE_SEC, String.class);
+ String authProcessIdentifier = StringUtils.isNotEmpty(storedAuthProcessIdentifier)
+ ? storedAuthProcessIdentifier
+ : UUID.randomUUID().toString();
httpResponse.addCookie(generatePendingRequestIdCookie(authProcessIdentifier, pendingReq));
pendingReq.setRawDataToTransaction(HTTP_COOKIE_SEC, authProcessIdentifier);
} catch (MalformedURLException | EaafStorageException e) {
throw new EaafSecurityException("process.81", e);
}
-
}
@Override
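Review bot: Reusing the stored identifier read by `pendingReq.getRawData(HTTP_COOKIE_SEC, String.class)` means every later call of this method hands the same binding value to whichever client triggered it, so the cookie only proves that the browser started the process if callers guarantee that. Nothing in the hunk checks the incoming request for a matching cookie before re-issuing; the method's signature and its callers are outside the hunk, so this may already be enforced elsewhere. If it is, a comment above the ternary would record the precondition, for example `// re-use the stored id so a repeated set keeps the existing browser binding; callers must only reach this for the browser that owns pendingReq`. The debug message could also state whether the id was re-used or newly generated, which helps when tracing a later "process.80" mismatch.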
@@ -53,7 +55,7 @@ public class CookieBasedRequestValidator implements IHttpRequestValidator {
} else {
log.info("Stored authentication-process-Id:{} does not match to Id from HTTP cookie:{}",
storedAuthProcessIdentifier,
- authProcessIdentifier != null ? authProcessIdentifier.toString() : " ---no cookie---");
+ authProcessIdentifier != null ? authProcessIdentifier.getValue() : " ---no cookie---");
throw new EaafSecurityException("process.80");
}
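Review bot: The mismatch branch now writes the raw cookie value (`authProcessIdentifier.getValue()`) together with the stored identifier to the log at info level. The cookie value is supplied by the client, so it can carry line breaks or arbitrary length into the log, and the stored identifier is the value a valid cookie must carry while the pending request is alive, so it is better kept out of log files. Consider logging only whether a cookie was present, e.g. `log.info("Stored authentication-process-Id does not match Id from HTTP cookie (cookie present: {})", authProcessIdentifier != null);`, or a truncated and sanitised form of both values. The enclosing method starts and ends outside the hunk.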