From f24d03991c8ada1bfb9e402b04d68cf01906cbee Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 4 Feb 2019 07:58:24 +0100
Subject: move code for Cookie management into CookieUtils.java
---
 .../gv/egovernment/moa/id/moduls/SSOManager.java | 72 +++++++++++----------
 .../at/gv/egovernment/moa/id/util/CookieUtils.java | 37 +++++++++++
 2 files changed, 73 insertions(+), 36 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index b5005d0c9..2b550f21e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -26,7 +26,6 @@ import java.util.Date;
 import java.util.Map;
 import java.util.Map.Entry;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.CookieUtils;
 import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -329,12 +329,12 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 } else { //check if IDP cookie is set
- String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+ String cookie = CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION);
 if (MiscUtil.isNotEmpty(cookie)) {
 Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
 moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie);
- deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
+ CookieUtils.deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
 }
 }
@@ -345,7 +345,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 }
 public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
- setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+ CookieUtils.setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
 }
@@ -443,7 +443,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 public String getSSOSessionID(HttpServletRequest httpReq) {
- return getValueFromCookie(httpReq, SSOCOOKIE);
+ return CookieUtils.getValueFromCookie(httpReq, SSOCOOKIE);
 }
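Review bot: The value read from the SSOINTERFEDERATION cookie is client-supplied, yet in the `-329` hunk it is concatenated into the `Logger.info` message and stored under `DATAID_INTERFEDERATIOIDP_URL` with only an emptiness check visible. Moving the lookup into `CookieUtils.getValueFromCookie` does not change that, so a check belongs at this call site: compare the value against the configured interfederation IDPs before `setRawDataToTransaction`, and strip CR/LF before logging it. A comment such as `// cookie value is client-controlled: validate against configured IDPs before use` would make the trust boundary explicit. The enclosing method starts and ends outside the hunk, so validation may happen later in code that is not visible here.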
@@ -510,43 +510,43 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
+ CookieUtils.setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
 }
 private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- deleteCookie(httpReq, httpResp, SSOCOOKIE);
+ CookieUtils.deleteCookie(httpReq, httpResp, SSOCOOKIE);
 }
- private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
- Cookie[] cookies = httpReq.getCookies();
-
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (cookie.getName().equals(cookieName)) {
- return cookie.getValue();
- }
- }
- }
- return null;
- }
-
- private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
- String cookieName, String cookieValue, int maxAge) {
-
- Cookie cookie = new Cookie(cookieName, cookieValue);
- cookie.setMaxAge(maxAge);
- cookie.setSecure(true);
- cookie.setHttpOnly(true);
- cookie.setPath(httpReq.getContextPath());
-
- httpResp.addCookie(cookie);
- }
-
- private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
- setCookie(httpReq, httpResp, cookieName, "", 0);
-
- }
+// private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+// Cookie[] cookies = httpReq.getCookies();
+//
+// if (cookies != null) {
+// for (Cookie cookie : cookies) {
+// if (cookie.getName().equals(cookieName)) {
+// return cookie.getValue();
+// }
+// }
+// }
+// return null;
+// }
+//
+// private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+// String cookieName, String cookieValue, int maxAge) {
+//
+// Cookie cookie = new Cookie(cookieName, cookieValue);
+// cookie.setMaxAge(maxAge);
+// cookie.setSecure(true);
+// cookie.setHttpOnly(true);
+// cookie.setPath(httpReq.getContextPath());
+//
+// httpResp.addCookie(cookie);
+// }
+//
+// private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+// setCookie(httpReq, httpResp, cookieName, "", 0);
+//
+// }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
new file mode 100644
index 000000000..21cbd574f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.util;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookieUtils {
+ public static String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (cookie.getName().equals(cookieName)) {
+ return cookie.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ public static void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ String cookieName, String cookieValue, int maxAge) {
+
+ Cookie cookie = new Cookie(cookieName, cookieValue);
+ cookie.setMaxAge(maxAge);
+ cookie.setSecure(true);
+ cookie.setHttpOnly(true);
+ cookie.setPath(httpReq.getContextPath());
+
+ httpResp.addCookie(cookie);
+ }
+
+ public static void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+ setCookie(httpReq, httpResp, cookieName, "", 0);
+
+ }
+}
-- cgit v1.2.3
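Review bot: The three cookie helpers at the end of SSOManager.java are left behind as 29 commented-out lines instead of being deleted. A dead copy that still shows `setSecure(true)` and `setHttpOnly(true)` can drift from the live code in CookieUtils and mislead anyone auditing which attributes the SSO cookie actually carries. Remove the commented block, since version control keeps the history. If a pointer is wanted, one line such as `// cookie handling moved to at.gv.egovernment.moa.id.util.CookieUtils` is enough.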
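Review bot: In `CookieUtils.setCookie`, `cookie.setPath(httpReq.getContextPath())` passes an empty string when the application is deployed at the root context. The browser then most likely scopes the SSO cookie to the directory of the request URL instead of the whole application. `deleteCookie` goes through the same call, so a delete issued from a different URL would not clear the cookie and the SSO session id would stay in the browser after logout. Normalising the path would avoid this: `String path = httpReq.getContextPath();` followed by `cookie.setPath(path.isEmpty() ? "/" : path);`. As these helpers are now public, a class-level Javadoc should state that Secure and HttpOnly are always set, that no SameSite attribute is emitted, and that `getValueFromCookie` returns the first cookie with a matching name.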