This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.2 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit 11448fa07bd7a7685fee2843aa24b1c24fbc5c77
Author: Justin Edelson <[email protected]>
AuthorDate: Thu Aug 26 12:59:57 2010 +0000

SLING-1695 - set the cookie domain either by a config admin property or using a key within the AuthenticationInfo object

git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@989652 13f79535-47bb-0310-9956-ffa450edef68
---
 .../auth/form/impl/FormAuthenticationHandler.java | 63 ++++++++++++++++------
 .../OSGI-INF/metatype/metatype.properties         |  5 ++
 2 files changed, 52 insertions(+), 16 deletions(-)

diff --git a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
index 4322234..b34fa86 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
@@ -163,7 +163,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
      *
      * @scr.property type="Boolean" valueRef="DEFAULT_INCLUDE_FORM"
      */
-    public static final String PAR_INCLUDE_FORM = "form.use.include";
+    private static final String PAR_INCLUDE_FORM = "form.use.include";
 
     /**
      * The default include value.
@@ -172,7 +172,6 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
      */
     private static final boolean DEFAULT_INCLUDE_FORM = false;
 
-
     /**
      * Whether to present a login form when a users cookie expires, the default
      * is not to present the form.
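Review bot: Narrowing `PAR_INCLUDE_FORM` from public to private in the @@ -163 hunk is a source-incompatible change for any code outside the class that referenced the constant; if nothing external uses it the change is fine, but the commit message does not mention it. A short note that the property name `form.use.include` remains the configuration contract while the Java constant is now internal would make the intent clear. The @@ -172 hunk only removes a blank line.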
@@ -189,6 +188,13 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
     private static final boolean DEFAULT_LOGIN_AFTER_EXPIRE = false;
 
     /**
+     * The default domain on which to see the auth cookie (if cookie storage is used)
+     *
+     * @scr.property
+     */
+    private static final String PAR_DEFAULT_COOKIE_DOMAIN = "form.default.cookie.domain";
+
+    /**
      * The request method required for user name and password submission by the
      * form (value is "POST").
      */
@@ -248,6 +254,12 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
     private static final String PAR_SERVICE_RANKING = Constants.SERVICE_RANKING;
 
     /**
+     * Key in the AuthenticationInfo map which contains the domain on which the
+     * auth cookie should be set.
+     */
+    private static final String COOKIE_DOMAIN = "cookie.domain";
+
+    /**
      * The factor to convert minute numbers into milliseconds used internally
      */
     private static final long MINUTES = 60L * 1000L;
@@ -302,7 +314,6 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
      */
     private boolean loginAfterExpire;
 
-
     /**
      * Extracts cookie/session based credentials from the request. Returns
      * <code>null</code> if the handler assumes HTTP Basic authentication would
@@ -615,7 +626,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
         }
 
         if (authData != null) {
-            authStorage.set(request, response, authData);
+            authStorage.set(request, response, authData, authInfo);
         } else {
             authStorage.clear(request, response);
         }
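Review bot: The Javadoc on `PAR_DEFAULT_COOKIE_DOMAIN` in the @@ -189 hunk reads "on which to see the auth cookie", which looks like a typo for "set"; suggested wording: `* The default domain on which to set the auth cookie (if cookie storage is used)`. The `COOKIE_DOMAIN` comment in the @@ -254 hunk should also say what value is expected and who supplies it, because `CookieStorage.set` later hands that value straight to `Cookie.setDomain`; something like `* Value must be a String placed in the AuthenticationInfo by the login handler itself, never copied from request parameters.` Whether any caller currently fills the key from request data is not visible in this diff, so the comment is there to fix the contract for future callers.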
@@ -725,6 +736,10 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
         final String authName = OsgiUtil.toString(
             properties.get(PAR_AUTH_NAME), DEFAULT_AUTH_NAME);
 
+
+        final String defaultCookieDomain = OsgiUtil.toString(
+            properties.get(PAR_DEFAULT_COOKIE_DOMAIN), null);
+
         final String authStorage = OsgiUtil.toString(
             properties.get(PAR_AUTH_STORAGE), DEFAULT_AUTH_STORAGE);
         if (AUTH_STORAGE_SESSION_ATTRIBUTE.equals(authStorage)) {
@@ -735,7 +750,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
 
         } else {
 
-            this.authStorage = new CookieStorage(authName);
+            this.authStorage = new CookieStorage(authName, defaultCookieDomain);
 
             log.info("Using Cookie store with name {}", authName);
         }
@@ -772,7 +787,6 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
 
         this.includeLoginForm = OsgiUtil.toBoolean(properties.get(PAR_INCLUDE_FORM), DEFAULT_INCLUDE_FORM);
         this.loginAfterExpire = OsgiUtil.toBoolean(properties.get(PAR_LOGIN_AFTER_EXPIRE), DEFAULT_LOGIN_AFTER_EXPIRE);
-
     }
 
     protected void deactivate(
@@ -872,7 +886,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
         String extractAuthenticationInfo(HttpServletRequest request);
 
         void set(HttpServletRequest request, HttpServletResponse response,
-                String authData);
+                String authData, AuthenticationInfo info);
 
         void clear(HttpServletRequest request, HttpServletResponse response);
     }
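Review bot: In the @@ -736 hunk `defaultCookieDomain` is read with `OsgiUtil.toString(..., null)`, so an empty string saved from the configuration form (the usual value of a cleared text field) is passed through as "" rather than null and, because `CookieStorage.setCookie` only checks for null, ends up in `cookie.setDomain("")`. Normalising blank to null keeps the "null means request domain" behaviour the metatype text promises: `String defaultCookieDomain = OsgiUtil.toString(properties.get(PAR_DEFAULT_COOKIE_DOMAIN), null);` `if (defaultCookieDomain != null && defaultCookieDomain.trim().length() == 0) { defaultCookieDomain = null; }` (the local loses its `final`). The log line in the @@ -750 hunk could also report the configured domain, e.g. `log.info("Using Cookie store with name {} and default domain {}", authName, defaultCookieDomain);`, so the effective scope of the auth cookie is visible when reviewing a deployment. The enclosing activate method starts and ends outside these hunks.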
@@ -883,9 +897,13 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
      */
     private static class CookieStorage implements AuthenticationStorage {
         private final String cookieName;
+        private final String domainCookieName;
+        private final String defaultCookieDomain;
 
-        public CookieStorage(final String cookieName) {
+        public CookieStorage(final String cookieName, final String defaultCookieDomain) {
             this.cookieName = cookieName;
+            this.domainCookieName = cookieName + "." + COOKIE_DOMAIN;
+            this.defaultCookieDomain = defaultCookieDomain;
         }
 
         public String extractAuthenticationInfo(HttpServletRequest request) {
@@ -912,7 +930,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
         }
 
         public void set(HttpServletRequest request,
-                HttpServletResponse response, String authData) {
+                HttpServletResponse response, String authData, AuthenticationInfo info) {
             // base64 encode to handle any special characters
             String cookieValue;
             try {
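Review bot: The two new fields in the @@ -897 hunk carry no comment, and the reason a second cookie named `cookieName + ".cookie.domain"` is written at all is only discoverable from the `clear()` change in the following hunk, which reads that cookie back to learn which Domain attribute the auth cookie was issued with. A comment on `domainCookieName` along the lines of `// companion cookie holding the Domain the auth cookie was set with, so clear() can expire it with a matching Domain attribute` and one on `defaultCookieDomain` such as `// domain from configuration, used when the AuthenticationInfo carries no COOKIE_DOMAIN; null means the request host` would spare the next reader that reconstruction. The widened constructor and the new `info` parameter of `set` in the @@ -930 hunk should likewise get `@param` entries stating that `info` may carry the `COOKIE_DOMAIN` key and whether null is accepted.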
@@ -922,39 +940,52 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
             }
 
             // send the cookie to the response
-            setCookie(request, response, cookieValue, -1);
+            String cookieDomain = (String) info.get(COOKIE_DOMAIN);
+            if (cookieDomain == null) {
+                cookieDomain = defaultCookieDomain;
+            }
+            setCookie(request, response, this.cookieName, cookieValue, -1, cookieDomain);
+            setCookie(request, response, this.domainCookieName, cookieDomain, -1, cookieDomain);
         }
 
         public void clear(HttpServletRequest request,
                 HttpServletResponse response) {
             Cookie oldCookie = null;
+            String oldCookieDomain = null;
             Cookie[] cookies = request.getCookies();
             if (cookies != null) {
                 for (Cookie cookie : cookies) {
                     if (this.cookieName.equals(cookie.getName())) {
                         // found the cookie
                         oldCookie = cookie;
-                        break;
+                    } else if (this.domainCookieName.equals(cookie.getName())) {
+                        oldCookieDomain = cookie.getValue();
                     }
                 }
             }
 
             // remove the old cookie from the client
             if (oldCookie != null) {
-                setCookie(request, response, "", 0);
+                setCookie(request, response, this.cookieName, "", 0, oldCookieDomain);
+                if (oldCookieDomain != null) {
+                    setCookie(request, response, this.domainCookieName, "", 0, oldCookieDomain);
+                }
             }
         }
 
         private void setCookie(final HttpServletRequest request,
-                final HttpServletResponse response, final String value,
-                final int age) {
+                final HttpServletResponse response, final String name,
+                final String value, final int age, final String domain) {
             final String ctxPath = request.getContextPath();
             final String cookiePath = (ctxPath == null || ctxPath.length() == 0) ? "/" : ctxPath;
-            Cookie cookie = new Cookie(this.cookieName, value);
+            Cookie cookie = new Cookie(name, value);
+            if (domain != null) {
+                cookie.setDomain(domain);
+            }
             cookie.setMaxAge(age);
             cookie.setPath(cookiePath);
             cookie.setSecure(request.isSecure());
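Review bot: In `set()` the companion domain cookie is written unconditionally, so when neither the AuthenticationInfo nor the configuration supplies a domain the code calls `setCookie(..., this.domainCookieName, null, -1, null)` and emits a cookie whose value is null, while `clear()` only expires that cookie when a domain was found; the two methods should agree and the second cookie should only be sent when `cookieDomain != null`. `info.get(COOKIE_DOMAIN)` is also dereferenced without a null check and cast blindly to String, so a null `info` or a non-String value under that key fails with an exception at login time rather than falling back to the default. In `clear()` the Domain attribute used to expire the auth cookie comes entirely from the `.cookie.domain` cookie the client sent back; if that cookie is missing (or was altered on the client side) while `defaultCookieDomain` is configured, the expiring cookie carries no Domain attribute, the browser treats it as a different cookie, and the real auth cookie survives logout, so `clear()` should fall back to `defaultCookieDomain` the same way `set()` does. The rewritten lines below apply those three changes; the base64 encoding, the cookie scan and `setCookie` are unchanged.
```java
            // … unchanged: base64 encoding of authData into cookieValue …
            Object domainValue = (info == null) ? null : info.get(COOKIE_DOMAIN);
            String cookieDomain = (domainValue instanceof String) ? (String) domainValue : null;
            if (cookieDomain == null) {
                cookieDomain = defaultCookieDomain;
            }
            setCookie(request, response, this.cookieName, cookieValue, -1, cookieDomain);
            if (cookieDomain != null) {
                // companion cookie remembers the Domain so clear() can expire the auth cookie with a matching attribute
                setCookie(request, response, this.domainCookieName, cookieDomain, -1, cookieDomain);
            }

            // … unchanged: clear() signature and cookie scan …
            if (oldCookie != null) {
                if (oldCookieDomain == null) {
                    // no companion cookie came back; assume the configured default was used
                    oldCookieDomain = defaultCookieDomain;
                }
                setCookie(request, response, this.cookieName, "", 0, oldCookieDomain);
                if (oldCookieDomain != null) {
                    setCookie(request, response, this.domainCookieName, "", 0, oldCookieDomain);
                }
            }
```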
@@ -985,7 +1016,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
         }
 
         public void set(HttpServletRequest request,
-                HttpServletResponse response, String authData) {
+                HttpServletResponse response, String authData, AuthenticationInfo info) {
             // store the auth hash as a session attribute
             HttpSession session = request.getSession();
             session.setAttribute(sessionAttributeName, authData);
diff --git a/src/main/resources/OSGI-INF/metatype/metatype.properties b/src/main/resources/OSGI-INF/metatype/metatype.properties
index 686bd82..5aa2bd7 100644
--- a/src/main/resources/OSGI-INF/metatype/metatype.properties
+++ b/src/main/resources/OSGI-INF/metatype/metatype.properties
@@ -79,4 +79,9 @@ form.onexpire.login.name = On Login Expire, Re-login
 
 form.onexpire.login.description = If true, when the form login expires the user \
 will be prompted to re-login. If false they become an anonymous user. The default \
 is false.
+
+form.default.cookie.domain.name = Default Cookie Domain
+form.default.cookie.domain.description = The domain on which authentication cookies will \
+ be set, unless overridden in the AuthenticationInfo object. The default is null \
+ which means to set the cookie on the request domain.
\ No newline at end of file
--
To stop receiving notification emails like this one, please contact
"[email protected]" <[email protected]>.
