Author: jleroux
Date: Fri Mar 16 10:02:03 2018
New Revision: 1826949
URL: http://svn.apache.org/viewvc?rev=1826949&view=rev
Log:
Improved: Token Based Authentication
(OFBIZ-9833)
Removes the code I temporarily removed on trunk demo (controversial) to test my
changes
Also adds the LoginWorker.autoLoginSet()
This is just a commit to go ahead, later I will revert all related and provide
a patch for discussion at OFBIZ-9833.
I'll also certainly use Deepak's JWTManager.createJwt() instead of mine; it's
more general and I actually only need to pass the userLoginId. We still have
to discuss that anyway, as I see some differences...
Modified:
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
Modified:
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java?rev=1826949&r1=1826948&r2=1826949&view=diff
==============================================================================
---
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
(original)
+++
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
Fri Mar 16 10:02:03 2018
@@ -32,7 +32,6 @@ import javax.servlet.http.HttpSession;
import javax.xml.bind.DatatypeConverter;
import org.apache.ofbiz.base.util.Debug;
-import org.apache.ofbiz.base.util.UtilHttp;
import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.entity.DelegatorFactory;
import org.apache.ofbiz.entity.GenericEntityException;
@@ -186,18 +185,13 @@ public class ExternalLoginKeysManager {
Delegator delegator = (Delegator) request.getAttribute("delegator");
HttpSession session = request.getSession();
- // The target server does not allow external login by default
- boolean useExternalServer =
EntityUtilProperties.getPropertyAsBoolean("security", "use-external-server",
false);
- String sourceWebappName =
request.getParameter(SOURCE_SERVER_WEBAPP_NAME);
- if (!useExternalServer || sourceWebappName == null) return "success";
// Nothing to do here
-
try {
String userLoginId = null;
String authorizationHeader = request.getHeader("Authorization");
if (authorizationHeader != null) {
Claims claims = returnsClaims(authorizationHeader);
userLoginId = getSourceUserLoginId(claims );
- boolean jwtOK = checkJwt(authorizationHeader, userLoginId,
getTargetServerUrl(request), UtilHttp.getApplicationName(request));
+ boolean jwtOK = checkJwt(authorizationHeader, userLoginId, "",
"");
if (!jwtOK) {
// Something unexpected happened here
Debug.logWarning("*** There was a problem with the JWT
token, not signin in the user login " + userLoginId, module);
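Review bot: With the `use-external-server` check deleted at the top of this hunk, the Authorization-header login path is no longer opt-in: the removed comment says the target server does not allow external login by default, and after this change any request carrying that header reaches `returnsClaims` and `checkJwt`. The call also now passes `"", ""` where the target server URL and application name used to go, so whatever checkJwt compared those values against (not visible here, presumably binding the token to this server and webapp) is effectively not enforced. Even for a test commit I would keep the property gate, e.g. `if (!EntityUtilProperties.getPropertyAsBoolean("security", "use-external-server", false)) return "success";`, and keep passing `getTargetServerUrl(request), UtilHttp.getApplicationName(request)`, which means retaining the UtilHttp import removed in the first hunk. The enclosing method starts before and continues after this hunk.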
@@ -234,6 +228,9 @@ public class ExternalLoginKeysManager {
Debug.logError(e, "Cannot get autoUserLogin information: " +
e.getMessage(), module);
}
+ // make sure the autoUserLogin is set to the same and that the client
cookie has the correct userLoginId
+ LoginWorker.autoLoginSet(request, response);
+
return "success";
}
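Review bot: `LoginWorker.autoLoginSet(request, response)` is placed after the try/catch, so it runs on every path that falls through to the final `return "success"`, including the one where the catch just above logged "Cannot get autoUserLogin information". The code between the two hunks is not shown, so it is unclear whether a rejected token or a missing Authorization header returns earlier; if not, the auto-login cookie is written for requests that never established a login here. I would move the call into the branch where the token check passed, or guard it on the login actually having succeeded, and add a comment saying which user the cookie is expected to carry. The method begins outside the hunk.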