Posted to commits@syncope.apache.org by an...@apache.org on 2015/12/31 11:04:00 UTC
syncope git commit: fixed build problems,
added session check for cookie creation
Repository: syncope
Updated Branches:
refs/heads/master 8e8368e19 -> 29f2d7b26
fixed build problems, added session check for cookie creation
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/29f2d7b2
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/29f2d7b2
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/29f2d7b2
Branch: refs/heads/master
Commit: 29f2d7b2617a9dd2e5dd2f40f7d25e5cfc49cd95
Parents: 8e8368e
Author: Andrea Patricelli <an...@tirasa.net>
Authored: Thu Dec 31 11:03:32 2015 +0100
Committer: Andrea Patricelli <an...@tirasa.net>
Committed: Thu Dec 31 11:03:32 2015 +0100
----------------------------------------------------------------------
.../client/enduser/SyncopeEnduserSession.java | 10 +++++
.../client/enduser/resources/InfoResource.java | 9 +++--
.../client/enduser/util/SaltGenerator.java | 38 ++++++++++++++++++
.../syncope/client/lib/SaltGenerator.java | 42 --------------------
4 files changed, 53 insertions(+), 46 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
index cb51436..89b566b 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
@@ -65,6 +65,8 @@ public class SyncopeEnduserSession extends WebSession {
private final Map<Class<?>, Object> services = Collections.synchronizedMap(new HashMap<Class<?>, Object>());
private final CookieUtils cookieUtils;
+
+ private boolean xsrfTokenGenerated = false;
public static SyncopeEnduserSession get() {
return (SyncopeEnduserSession) Session.get();
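Review bot: The new `xsrfTokenGenerated` field is a plain, non-volatile boolean, while the `services` map declared just above it is wrapped in `Collections.synchronizedMap`, which suggests this session object is expected to be reached by concurrent requests. Two parallel requests from the same browser can both read `false` through the getter added in the second hunk of this file and both issue a token, so whichever cookie is written last wins. Consider `private final AtomicBoolean xsrfTokenGenerated = new AtomicBoolean();` exposed through one method that does `compareAndSet(false, true)` instead of a separate getter and setter. A Javadoc line stating that the flag means "an XSRF cookie has already been issued for this session" would also help, since the name alone does not say where the token lives.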
@@ -182,4 +184,12 @@ public class SyncopeEnduserSession extends WebSession {
return cookieUtils;
}
+ public boolean isXsrfTokenGenerated() {
+ return xsrfTokenGenerated;
+ }
+
+ public void setXsrfTokenGenerated(final boolean xsrfTokenGenerated) {
+ this.xsrfTokenGenerated = xsrfTokenGenerated;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java
index 1449cf0..813dd8b 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java
@@ -24,7 +24,7 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.enduser.SyncopeEnduserConstants;
import org.apache.syncope.client.enduser.SyncopeEnduserSession;
import org.apache.syncope.client.enduser.adapters.SyncopeTOAdapter;
-import org.apache.syncope.client.lib.SaltGenerator;
+import org.apache.syncope.client.enduser.util.SaltGenerator;
import org.apache.syncope.core.misc.serialization.POJOHelper;
import org.apache.wicket.request.resource.IResource;
import org.apache.wicket.util.cookies.CookieUtils;
@@ -50,11 +50,12 @@ public class InfoResource extends AbstractBaseResource {
try {
final CookieUtils sessionCookieUtils = SyncopeEnduserSession.get().getCookieUtils();
-// HttpServletRequest request = (HttpServletRequest) attributes.getRequest().getContainerRequest();
// set XSRF_TOKEN cookie
- if (sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE) == null || StringUtils.isBlank(
- sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE).getValue())) {
+ if (!SyncopeEnduserSession.get().isXsrfTokenGenerated() && (sessionCookieUtils.getCookie(
+ SyncopeEnduserConstants.XSRF_COOKIE) == null || StringUtils.isBlank(
+ sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE).getValue()))) {
LOG.info("Set XSRF-TOKEN cookie");
+ SyncopeEnduserSession.get().setXsrfTokenGenerated(true);
sessionCookieUtils.save(SyncopeEnduserConstants.XSRF_COOKIE, SaltGenerator.generate(
SyncopeEnduserSession.get().getId()));
}
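Review bot: Once `setXsrfTokenGenerated(true)` has run, the new guard on the `if` never passes again for this session, so a client that loses or clears the XSRF cookie is not issued another one until it gets a new session; and a request that already carries any non-blank XSRF cookie skips generation entirely, leaving the client-supplied value in place. Only a boolean is kept in the session, so as far as this hunk shows the server holds no record of the value it issued. Keeping the generated token in the session instead of the flag would let this branch re-send the same value whenever the cookie is missing or different, e.g. `if (!token.equals(cookieValue)) { sessionCookieUtils.save(SyncopeEnduserConstants.XSRF_COOKIE, token); }`, and would give the checking side a server-held value to compare against. The enclosing method starts and ends outside the hunk, so the validation path is not visible here and should be confirmed.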
http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
new file mode 100644
index 0000000..19896b4
--- /dev/null
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.enduser.util;
+
+import java.security.SecureRandom;
+import org.apache.wicket.util.crypt.Base64;
+import org.apache.commons.codec.digest.DigestUtils;
+
+public final class SaltGenerator {
+
+ public static String generate(final String input) {
+ // generate salt
+ byte[] salt = new byte[16];
+ // fill array with random bytes
+ new SecureRandom().nextBytes(salt);
+ // create digest with MD5
+ return DigestUtils.md2Hex(input + Base64.encodeBase64String(salt));
+ }
+
+ private SaltGenerator() {
+ }
+}
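Review bot: The comment `// create digest with MD5` does not match the call under it, which is `DigestUtils.md2Hex`, i.e. MD2; both are obsolete digests, and `generate` feeds the session id (the `input` passed from InfoResource) into it and the result ends up in a cookie. The unpredictability comes from the 16 `SecureRandom` bytes, so the digest adds nothing to it; either return the random bytes encoded directly, or, if a hash is kept, use `return DigestUtils.sha256Hex(input + Base64.encodeBase64String(salt));` and correct the comment to name the algorithm actually used. The class produces an XSRF token rather than a salt, so a Javadoc sentence on `generate` saying what the return value is for would prevent misuse, and a shared `private static final SecureRandom` would avoid constructing one per call.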
http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java
----------------------------------------------------------------------
diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java b/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java
deleted file mode 100644
index 911a49b..0000000
--- a/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.client.lib;
-
-import java.security.SecureRandom;
-import java.util.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public final class SaltGenerator {
-
- private static final Logger LOG = LoggerFactory.getLogger(SaltGenerator.class);
-
- public static String generate(final String input) {
- // generate salt
- byte[] salt = new byte[16];
- // fill array with random bytes
- new SecureRandom().nextBytes(salt);
- // create digest with MD5
- return DigestUtils.md2Hex(input + Base64.getEncoder().encodeToString(salt));
- }
-
- private SaltGenerator() {
- }
-}