[Yanel-commits] rev 59318 - public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl
michi at wyona.com
michi at wyona.com
Mon Jul 11 21:14:15 CEST 2011
Author: michi
Date: 2011-07-11 21:14:15 +0200 (Mon, 11 Jul 2011)
New Revision: 59318
Modified:
public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java
public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java
Log:
Cookie path now uses the request's context path instead of the hardcoded root path
Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java 2011-07-11 14:52:21 UTC (rev 59317)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java 2011-07-11 19:14:15 UTC (rev 59318)
@@ -65,10 +65,10 @@
* @param response HTTP response to which cookie will be attached
* @param realm Realm of repository to which user token will be attached
*/
- public static void enableAutoLogin(String username, HttpServletResponse response, Realm realm) {
+ public static void enableAutoLogin(String username, HttpServletRequest request, HttpServletResponse response, Realm realm) {
try {
//set cookie
- Cookie cookie = setNewCookie(username, response);
+ Cookie cookie = setNewCookie(username, request, response);
//save token
saveToken(cookie, realm.getRepository());
} catch (Exception e) {
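Review bot: The Javadoc above `enableAutoLogin` still lists only `response` and `realm` among the lines visible here, although the signature now also takes an `HttpServletRequest`; add `@param request HTTP request whose context path is used as the cookie path`. Because this is a public static method, any caller outside the two files touched by this commit (none are visible here) would stop compiling, so the changed signature deserves a mention in the Javadoc or the log message. The method body continues past the end of the hunk, which cuts off at the catch block.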
@@ -136,7 +136,7 @@
if (username.equals(savedUsername) && token.equals(savedToken)) {
log.debug("retrieved cookie matches for user '"+username+"'");
if (hasTokenExpired(expiryString)) {
- Cookie newCookie = setNewCookie(username, response);
+ Cookie newCookie = setNewCookie(username, request, response);
saveToken(newCookie, realm.getRepository());
deleteToken(realm.getRepository(), yarepPath);
log.debug("Token was expired and has been renewed now.");
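Review bot: The renewed cookie is now written with the context path, but browsers that already hold an auto-login cookie issued with `Path=/` will keep it, because cookies are stored per name, domain and path. After `deleteToken(...)` removes the old server-side token, such a browser would presumably send both the stale root-path cookie and the new one under the same name, and which one the lookup code reads is not visible in this hunk. Consider expiring the legacy cookie at renewal when the context path is not the root, by adding a cookie with the same `COOKIE_NAME`, `setPath("/")` and `setMaxAge(0)` to the response. The enclosing method starts and ends outside this hunk.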
@@ -166,14 +166,15 @@
/**
* Set cookie in response
+ * @param username Name of user for which auto login will be enabled
*/
- private static Cookie setNewCookie(String username, HttpServletResponse response) {
+ private static Cookie setNewCookie(String username, HttpServletRequest request, HttpServletResponse response) {
Cookie result = null;
if (username != null) {
String token = UUID.randomUUID().toString();
Cookie cookie = new Cookie(COOKIE_NAME,token+SEP+username);
cookie.setMaxAge(Integer.MAX_VALUE);
- cookie.setPath("/");
+ cookie.setPath(request.getContextPath());
response.addCookie(cookie);
result = cookie;
}
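Review bot: `request.getContextPath()` returns an empty string when the webapp is deployed as the root context, so `cookie.setPath(request.getContextPath())` can produce a cookie with an empty path. Browsers then typically default to the directory of the request URL, which would scope the auto-login cookie to the login path instead of the whole application. Fall back to the root explicitly: `String path = request.getContextPath();` followed by `cookie.setPath(path.length() == 0 ? "/" : path);`. Since this cookie carries a login token with `setMaxAge(Integer.MAX_VALUE)`, it is also worth adding `cookie.setSecure(request.isSecure());` so a token issued over HTTPS is never sent over plain HTTP. The new Javadoc line documents `username` only, leaving `request` and `response` undocumented, and the body of `setNewCookie` continues past the end of the hunk.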
Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java 2011-07-11 14:52:21 UTC (rev 59317)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java 2011-07-11 19:14:15 UTC (rev 59318)
@@ -610,7 +610,7 @@
log.warn("TODO: Implement auto-login");
// Set auto login cookie containing username and secure token, whereas create new secure token per session
// Implement this as utility method such that it can be re-used independent of the default authenticator!
- AutoLogin.enableAutoLogin(loginUsername, response, realm);
+ AutoLogin.enableAutoLogin(loginUsername, request, response, realm);
/*
Cookie autoLoginCookie = AutoLogin.setCookie(loginUsername, request, response); // TODO: What about openID?!
//AutoLogin.saveToken(autoLoginCookie, realm.getIdentityManager().getUserManager());