Posted to commits@syncope.apache.org by an...@apache.org on 2015/12/31 11:04:00 UTC

syncope git commit: fixed build problems, added session check for cookie creation

Repository: syncope
Updated Branches:
  refs/heads/master 8e8368e19 -> 29f2d7b26


fixed build problems, added session check for cookie creation


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/29f2d7b2
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/29f2d7b2
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/29f2d7b2

Branch: refs/heads/master
Commit: 29f2d7b2617a9dd2e5dd2f40f7d25e5cfc49cd95
Parents: 8e8368e
Author: Andrea Patricelli <an...@tirasa.net>
Authored: Thu Dec 31 11:03:32 2015 +0100
Committer: Andrea Patricelli <an...@tirasa.net>
Committed: Thu Dec 31 11:03:32 2015 +0100

----------------------------------------------------------------------
 .../client/enduser/SyncopeEnduserSession.java   | 10 +++++
 .../client/enduser/resources/InfoResource.java  |  9 +++--
 .../client/enduser/util/SaltGenerator.java      | 38 ++++++++++++++++++
 .../syncope/client/lib/SaltGenerator.java       | 42 --------------------
 4 files changed, 53 insertions(+), 46 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
index cb51436..89b566b 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
@@ -65,6 +65,8 @@ public class SyncopeEnduserSession extends WebSession {
     private final Map<Class<?>, Object> services = Collections.synchronizedMap(new HashMap<Class<?>, Object>());
     
     private final CookieUtils cookieUtils;
+    
+    private boolean xsrfTokenGenerated = false;
 
     public static SyncopeEnduserSession get() {
         return (SyncopeEnduserSession) Session.get();
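Review bot: The new `xsrfTokenGenerated` field is a plain `boolean`, while the `services` map just above it is wrapped in `Collections.synchronizedMap`, which suggests this session object is reached from more than one request thread. A write made by one request is then not guaranteed to be visible to another, and the check-then-set done through the accessors added in the second hunk of this file is not atomic, so two parallel requests can both read `false`. Declaring it as `private final AtomicBoolean xsrfTokenGenerated = new AtomicBoolean();` and exposing one method built on `compareAndSet(false, true)` would close that window; at minimum the field should be `volatile`. A short comment such as `// true once an XSRF-TOKEN cookie has been issued for this session` would also document what the flag tracks. The class body continues outside this hunk.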
@@ -182,4 +184,12 @@ public class SyncopeEnduserSession extends WebSession {
         return cookieUtils;
     }
 
+    public boolean isXsrfTokenGenerated() {
+        return xsrfTokenGenerated;
+    }
+
+    public void setXsrfTokenGenerated(final boolean xsrfTokenGenerated) {
+        this.xsrfTokenGenerated = xsrfTokenGenerated;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java
index 1449cf0..813dd8b 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java
@@ -24,7 +24,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.syncope.client.enduser.SyncopeEnduserConstants;
 import org.apache.syncope.client.enduser.SyncopeEnduserSession;
 import org.apache.syncope.client.enduser.adapters.SyncopeTOAdapter;
-import org.apache.syncope.client.lib.SaltGenerator;
+import org.apache.syncope.client.enduser.util.SaltGenerator;
 import org.apache.syncope.core.misc.serialization.POJOHelper;
 import org.apache.wicket.request.resource.IResource;
 import org.apache.wicket.util.cookies.CookieUtils;
@@ -50,11 +50,12 @@ public class InfoResource extends AbstractBaseResource {
 
         try {
             final CookieUtils sessionCookieUtils = SyncopeEnduserSession.get().getCookieUtils();
-//            HttpServletRequest request = (HttpServletRequest) attributes.getRequest().getContainerRequest();
             // set XSRF_TOKEN cookie
-            if (sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE) == null || StringUtils.isBlank(
-                    sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE).getValue())) {
+            if (!SyncopeEnduserSession.get().isXsrfTokenGenerated() && (sessionCookieUtils.getCookie(
+                    SyncopeEnduserConstants.XSRF_COOKIE) == null || StringUtils.isBlank(
+                            sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE).getValue()))) {
                 LOG.info("Set XSRF-TOKEN cookie");
+                SyncopeEnduserSession.get().setXsrfTokenGenerated(true);
                 sessionCookieUtils.save(SyncopeEnduserConstants.XSRF_COOKIE, SaltGenerator.generate(
                         SyncopeEnduserSession.get().getId()));
             }
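Review bot: Once `setXsrfTokenGenerated(true)` has run, the new condition never issues a token again for this session, even when a later request arrives without the `XSRF_COOKIE` (cleared, expired or never stored by the browser). The generated value is also not kept anywhere server-side in these lines. The flag is set before `sessionCookieUtils.save(...)`, so an exception from `generate` or `save` leaves the session marked as done with no cookie sent; moving `SyncopeEnduserSession.get().setXsrfTokenGenerated(true);` to after the `save` call avoids that. Keeping the token itself in the session instead of a boolean would let this resource re-send the same value when the cookie is missing and would give the server a reference value to compare against. The enclosing method and its `try` block start and end outside the hunk.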

http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
new file mode 100644
index 0000000..19896b4
--- /dev/null
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.enduser.util;
+
+import java.security.SecureRandom;
+import org.apache.wicket.util.crypt.Base64;
+import org.apache.commons.codec.digest.DigestUtils;
+
+public final class SaltGenerator {
+
+    public static String generate(final String input) {
+        // generate salt
+        byte[] salt = new byte[16];
+        // fill array with random bytes
+        new SecureRandom().nextBytes(salt);
+        // create digest with MD5
+        return DigestUtils.md2Hex(input + Base64.encodeBase64String(salt));
+    }
+
+    private SaltGenerator() {
+    }
+}
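Review bot: The comment `// create digest with MD5` does not match the call beneath it, which is `DigestUtils.md2Hex` (MD2), and neither algorithm is a sound choice in new code. The unpredictability of the result comes only from the 16 `SecureRandom` bytes, so the digest mainly fixes the output format; if it is kept, `return DigestUtils.sha256Hex(input + Base64.encodeBase64String(salt));` with the comment corrected to match would be the minimal change. The class has no Javadoc, and since InfoResource saves the result as the XSRF token cookie rather than using it as a salt, a class comment stating that purpose would help readers. `new SecureRandom()` on every call could become a `private static final SecureRandom` field. This file appears to be carried over from `client/lib`, so the same remarks apply to the code as it was before the move.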

http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java
----------------------------------------------------------------------
diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java b/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java
deleted file mode 100644
index 911a49b..0000000
--- a/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.client.lib;
-
-import java.security.SecureRandom;
-import java.util.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public final class SaltGenerator {
-
-    private static final Logger LOG = LoggerFactory.getLogger(SaltGenerator.class);
-
-    public static String generate(final String input) {
-        // generate salt
-        byte[] salt = new byte[16];
-        // fill array with random bytes
-        new SecureRandom().nextBytes(salt);
-        // create digest with MD5
-        return DigestUtils.md2Hex(input + Base64.getEncoder().encodeToString(salt));
-    }
-
-    private SaltGenerator() {
-    }
-}