Repository: syncope Updated Branches: refs/heads/master 8e8368e19 -> 29f2d7b26
fixed build problems, added session check for cookie creation Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/29f2d7b2 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/29f2d7b2 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/29f2d7b2 Branch: refs/heads/master Commit: 29f2d7b2617a9dd2e5dd2f40f7d25e5cfc49cd95 Parents: 8e8368e Author: Andrea Patricelli <andrea.patrice...@tirasa.net> Authored: Thu Dec 31 11:03:32 2015 +0100 Committer: Andrea Patricelli <andrea.patrice...@tirasa.net> Committed: Thu Dec 31 11:03:32 2015 +0100 ---------------------------------------------------------------------- .../client/enduser/SyncopeEnduserSession.java | 10 +++++ .../client/enduser/resources/InfoResource.java | 9 +++-- .../client/enduser/util/SaltGenerator.java | 38 ++++++++++++++++++ .../syncope/client/lib/SaltGenerator.java | 42 -------------------- 4 files changed, 53 insertions(+), 46 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java ----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
index cb51436..89b566b 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
@@ -65,6 +65,8 @@ public class SyncopeEnduserSession extends WebSession { private final Map<Class<?>, Object> services = Collections.synchronizedMap(new HashMap<Class<?>, Object>()); private final CookieUtils cookieUtils; + + private boolean xsrfTokenGenerated = false; public static SyncopeEnduserSession get() { return (SyncopeEnduserSession) Session.get(); @@ -182,4 +184,12 @@ public class SyncopeEnduserSession extends WebSession { return cookieUtils; } + public boolean isXsrfTokenGenerated() { + return xsrfTokenGenerated; + } + + public void setXsrfTokenGenerated(final boolean xsrfTokenGenerated) { + this.xsrfTokenGenerated = xsrfTokenGenerated; + } + } http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java ---------------------------------------------------------------------- diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java index 1449cf0..813dd8b 100644 --- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java +++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/InfoResource.java @@ -24,7 +24,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.syncope.client.enduser.SyncopeEnduserConstants; import org.apache.syncope.client.enduser.SyncopeEnduserSession; import org.apache.syncope.client.enduser.adapters.SyncopeTOAdapter; -import org.apache.syncope.client.lib.SaltGenerator; +import org.apache.syncope.client.enduser.util.SaltGenerator; import org.apache.syncope.core.misc.serialization.POJOHelper; import org.apache.wicket.request.resource.IResource; import org.apache.wicket.util.cookies.CookieUtils; 
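Review bot: `setXsrfTokenGenerated` in the second hunk of SyncopeEnduserSession.java changes session state without calling Wicket's `dirty()`, so with a replicated or persisted session store the updated flag may not be written back and another node could issue a second token; `this.xsrfTokenGenerated = xsrfTokenGenerated; dirty();` would cover that. The field added in the first hunk and both accessors have no Javadoc; a comment such as `/** True once an XSRF-TOKEN cookie has been issued for this session. */` on the field would say what the flag tracks. The class body continues outside both hunks, so whether the other setters follow the same pattern cannot be confirmed from here.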
@@ -50,11 +50,12 @@ public class InfoResource extends AbstractBaseResource { try { final CookieUtils sessionCookieUtils = SyncopeEnduserSession.get().getCookieUtils(); -// HttpServletRequest request = (HttpServletRequest) attributes.getRequest().getContainerRequest(); // set XSRF_TOKEN cookie - if (sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE) == null || StringUtils.isBlank( - sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE).getValue())) { + if (!SyncopeEnduserSession.get().isXsrfTokenGenerated() && (sessionCookieUtils.getCookie( + SyncopeEnduserConstants.XSRF_COOKIE) == null || StringUtils.isBlank( + sessionCookieUtils.getCookie(SyncopeEnduserConstants.XSRF_COOKIE).getValue()))) { LOG.info("Set XSRF-TOKEN cookie"); + SyncopeEnduserSession.get().setXsrfTokenGenerated(true); sessionCookieUtils.save(SyncopeEnduserConstants.XSRF_COOKIE, SaltGenerator.generate( SyncopeEnduserSession.get().getId())); } http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java ---------------------------------------------------------------------- diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java new file mode 100644 index 0000000..19896b4 --- /dev/null +++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java 
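Review bot: After `setXsrfTokenGenerated(true)` the new condition never issues the cookie again for that session, and only a boolean is kept rather than the token, so a client whose XSRF-TOKEN cookie is cleared or expires while the session is alive cannot get a fresh one. Keeping the generated value in the session and re-saving that same value when the cookie is missing would avoid this and would give the server a reference to compare submitted tokens against; the validation code is not visible here, so that part is inferred. The test and the set are two separate calls on a session that parallel requests can share, so two requests may still both pass the check and save different tokens. If the session is not yet bound, Wicket's `getId()` can return null and the flag would not outlive the request; calling `SyncopeEnduserSession.get().bind();` before the check would address that. The enclosing method begins and ends outside the hunk.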
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.enduser.util;
+
+import java.security.SecureRandom;
+import org.apache.wicket.util.crypt.Base64;
+import org.apache.commons.codec.digest.DigestUtils;
+
+public final class SaltGenerator {
+
+ public static String generate(final String input) {
+ // generate salt
+ byte[] salt = new byte[16];
+ // fill array with random bytes
+ new SecureRandom().nextBytes(salt);
+ // create digest with MD5
+ return DigestUtils.md2Hex(input + Base64.encodeBase64String(salt));
+ }
+
+ private SaltGenerator() {
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/29f2d7b2/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java ----------------------------------------------------------------------
diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java b/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java
deleted file mode 100644
index 911a49b..0000000
--- a/client/lib/src/main/java/org/apache/syncope/client/lib/SaltGenerator.java
+++ /dev/null
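Review bot: The comment in `generate` says `// create digest with MD5` but the call is `DigestUtils.md2Hex`, which is MD2, an obsolete digest that should not be used in new security code; the result is what InfoResource.java saves as the XSRF token. The unpredictability comes only from the 16 `SecureRandom` bytes, so the digest adds no strength, but a deprecated algorithm in a token path will keep being flagged in audits; `return DigestUtils.sha256Hex(input + Base64.encodeBase64String(salt));` with the comment changed to `// create digest with SHA-256` keeps the same shape. The call was carried over unchanged from the deleted client/lib copy, so the move is a natural point to correct it. The class has no Javadoc and its name suggests a salt while the caller treats the result as a token; a one-line class comment stating that would help.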
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.client.lib;
-
-import java.security.SecureRandom;
-import java.util.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public final class SaltGenerator {
-
- private static final Logger LOG = LoggerFactory.getLogger(SaltGenerator.class);
-
- public static String generate(final String input) {
- // generate salt
- byte[] salt = new byte[16];
- // fill array with random bytes
- new SecureRandom().nextBytes(salt);
- // create digest with MD5
- return DigestUtils.md2Hex(input + Base64.getEncoder().encodeToString(salt));
- }
-
- private SaltGenerator() {
- }
-}