Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:18:20 UTC
[sling-org-apache-sling-auth-form] 03/26: SLING-1695 - set the
cookie domain either by a config admin property or using a key within the
AuthenticationInfo object
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit 11448fa07bd7a7685fee2843aa24b1c24fbc5c77
Author: Justin Edelson <ju...@apache.org>
AuthorDate: Thu Aug 26 12:59:57 2010 +0000
SLING-1695 - set the cookie domain either by a config admin property or using a key within the AuthenticationInfo object
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@989652 13f79535-47bb-0310-9956-ffa450edef68
---
.../auth/form/impl/FormAuthenticationHandler.java | 63 ++++++++++++++++------
.../OSGI-INF/metatype/metatype.properties | 5 ++
2 files changed, 52 insertions(+), 16 deletions(-)
diff --git a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
index 4322234..b34fa86 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
@@ -163,7 +163,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
*
* @scr.property type="Boolean" valueRef="DEFAULT_INCLUDE_FORM"
*/
- public static final String PAR_INCLUDE_FORM = "form.use.include";
+ private static final String PAR_INCLUDE_FORM = "form.use.include";
/**
* The default include value.
@@ -172,7 +172,6 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
*/
private static final boolean DEFAULT_INCLUDE_FORM = false;
-
/**
* Whether to present a login form when a users cookie expires, the default
* is not to present the form.
@@ -189,6 +188,13 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
private static final boolean DEFAULT_LOGIN_AFTER_EXPIRE = false;
/**
+ * The default domain on which to see the auth cookie (if cookie storage is used)
+ *
+ * @scr.property
+ */
+ private static final String PAR_DEFAULT_COOKIE_DOMAIN = "form.default.cookie.domain";
+
+ /**
* The request method required for user name and password submission by the
* form (value is "POST").
*/
@@ -248,6 +254,12 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
private static final String PAR_SERVICE_RANKING = Constants.SERVICE_RANKING;
/**
+ * Key in the AuthenticationInfo map which contains the domain on which the
+ * auth cookie should be set.
+ */
+ private static final String COOKIE_DOMAIN = "cookie.domain";
+
+ /**
* The factor to convert minute numbers into milliseconds used internally
*/
private static final long MINUTES = 60L * 1000L;
@@ -302,7 +314,6 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
*/
private boolean loginAfterExpire;
-
/**
* Extracts cookie/session based credentials from the request. Returns
* <code>null</code> if the handler assumes HTTP Basic authentication would
@@ -615,7 +626,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
}
if (authData != null) {
- authStorage.set(request, response, authData);
+ authStorage.set(request, response, authData, authInfo);
} else {
authStorage.clear(request, response);
}
@@ -725,6 +736,10 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
final String authName = OsgiUtil.toString(
properties.get(PAR_AUTH_NAME), DEFAULT_AUTH_NAME);
+
+ final String defaultCookieDomain = OsgiUtil.toString(
+ properties.get(PAR_DEFAULT_COOKIE_DOMAIN), null);
+
final String authStorage = OsgiUtil.toString(
properties.get(PAR_AUTH_STORAGE), DEFAULT_AUTH_STORAGE);
if (AUTH_STORAGE_SESSION_ATTRIBUTE.equals(authStorage)) {
@@ -735,7 +750,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
} else {
- this.authStorage = new CookieStorage(authName);
+ this.authStorage = new CookieStorage(authName, defaultCookieDomain);
log.info("Using Cookie store with name {}", authName);
}
@@ -772,7 +787,6 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
this.includeLoginForm = OsgiUtil.toBoolean(properties.get(PAR_INCLUDE_FORM), DEFAULT_INCLUDE_FORM);
this.loginAfterExpire = OsgiUtil.toBoolean(properties.get(PAR_LOGIN_AFTER_EXPIRE), DEFAULT_LOGIN_AFTER_EXPIRE);
-
}
protected void deactivate(
@@ -872,7 +886,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
String extractAuthenticationInfo(HttpServletRequest request);
void set(HttpServletRequest request, HttpServletResponse response,
- String authData);
+ String authData, AuthenticationInfo info);
void clear(HttpServletRequest request, HttpServletResponse response);
}
@@ -883,9 +897,13 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
*/
private static class CookieStorage implements AuthenticationStorage {
private final String cookieName;
+ private final String domainCookieName;
+ private final String defaultCookieDomain;
- public CookieStorage(final String cookieName) {
+ public CookieStorage(final String cookieName, final String defaultCookieDomain) {
this.cookieName = cookieName;
+ this.domainCookieName = cookieName + "." + COOKIE_DOMAIN;
+ this.defaultCookieDomain = defaultCookieDomain;
}
public String extractAuthenticationInfo(HttpServletRequest request) {
@@ -912,7 +930,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
}
public void set(HttpServletRequest request,
- HttpServletResponse response, String authData) {
+ HttpServletResponse response, String authData, AuthenticationInfo info) {
// base64 encode to handle any special characters
String cookieValue;
try {
@@ -922,39 +940,52 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
}
// send the cookie to the response
- setCookie(request, response, cookieValue, -1);
+ String cookieDomain = (String) info.get(COOKIE_DOMAIN);
+ if (cookieDomain == null) {
+ cookieDomain = defaultCookieDomain;
+ }
+ setCookie(request, response, this.cookieName, cookieValue, -1, cookieDomain);
+ setCookie(request, response, this.domainCookieName, cookieDomain, -1, cookieDomain);
}
public void clear(HttpServletRequest request,
HttpServletResponse response) {
Cookie oldCookie = null;
+ String oldCookieDomain = null;
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if (this.cookieName.equals(cookie.getName())) {
// found the cookie
oldCookie = cookie;
- break;
+ } else if (this.domainCookieName.equals(cookie.getName())) {
+ oldCookieDomain = cookie.getValue();
}
}
}
// remove the old cookie from the client
if (oldCookie != null) {
- setCookie(request, response, "", 0);
+ setCookie(request, response, this.cookieName, "", 0, oldCookieDomain);
+ if (oldCookieDomain != null) {
+ setCookie(request, response, this.domainCookieName, "", 0, oldCookieDomain);
+ }
}
}
private void setCookie(final HttpServletRequest request,
- final HttpServletResponse response, final String value,
- final int age) {
+ final HttpServletResponse response, final String name,
+ final String value, final int age, final String domain) {
final String ctxPath = request.getContextPath();
final String cookiePath = (ctxPath == null || ctxPath.length() == 0)
? "/"
: ctxPath;
- Cookie cookie = new Cookie(this.cookieName, value);
+ Cookie cookie = new Cookie(name, value);
+ if (domain != null) {
+ cookie.setDomain(domain);
+ }
cookie.setMaxAge(age);
cookie.setPath(cookiePath);
cookie.setSecure(request.isSecure());
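Review bot: `set()` emits the `<name>.cookie.domain` helper cookie unconditionally, so when neither the AuthenticationInfo key nor the configured default supplies a domain, `setCookie(request, response, this.domainCookieName, cookieDomain, -1, cookieDomain);` sends a cookie whose value is `null` on every login; guard it with `if (cookieDomain != null)` so the helper cookie only exists when a domain was actually applied. Separately, `clear()` reads `oldCookieDomain` from a client-supplied cookie and passes it straight to `cookie.setDomain(domain)`, so the client picks the value written into the Set-Cookie header; the impact looks limited since it only shapes the expiry cookie, but checking it against `defaultCookieDomain` (or the value in the AuthenticationInfo) before use would be cheaper than relying on the container's header validation. `info.get(COOKIE_DOMAIN)` is also dereferenced without a null check, so confirm that the caller never passes a null AuthenticationInfo. The enclosing `CookieStorage` class and `setCookie` method continue outside this hunk.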
@@ -985,7 +1016,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
}
public void set(HttpServletRequest request,
- HttpServletResponse response, String authData) {
+ HttpServletResponse response, String authData, AuthenticationInfo info) {
// store the auth hash as a session attribute
HttpSession session = request.getSession();
session.setAttribute(sessionAttributeName, authData);
diff --git a/src/main/resources/OSGI-INF/metatype/metatype.properties b/src/main/resources/OSGI-INF/metatype/metatype.properties
index 686bd82..5aa2bd7 100644
--- a/src/main/resources/OSGI-INF/metatype/metatype.properties
+++ b/src/main/resources/OSGI-INF/metatype/metatype.properties
@@ -79,4 +79,9 @@ form.onexpire.login.name = On Login Expire, Re-login
form.onexpire.login.description = If true, when the form login expires the user \
will be prompted to re-login. If false they become an anonymous user. The default \
is false.
+
+form.default.cookie.domain.name = Default Cookie Domain
+form.default.cookie.domain.description = The domain on which authentication cookies will \
+ be set, unless overridden in the AuthenticationInfo object. The default is null \
+ which means to set the cookie on the request domain.
\ No newline at end of file