remove cookie on logout

Sebastian Sdorra
2015-04-01 10:47:00 +02:00
parent ef50b4f238
commit c921fa9ab0
2 changed files with 30 additions and 14 deletions


@@ -70,15 +70,6 @@ public final class HttpUtil
/** authentication realm for basic authentication */ /** authentication realm for basic authentication */
public static final String AUTHENTICATION_REALM = "SONIA :: SCM Manager"; public static final String AUTHENTICATION_REALM = "SONIA :: SCM Manager";
/** Field description */
public static final String ENCODING = "UTF-8";
/**
* authorization header
* @since 2.0.0
*/
public static final String HEADER_AUTHORIZATION = "Authorization";
/** /**
* Basic authorization scheme * Basic authorization scheme
* @since 2.0.0 * @since 2.0.0
@@ -90,7 +81,22 @@ public final class HttpUtil
* @since 2.0.0 * @since 2.0.0
*/ */
public static final String AUTHORIZATION_SCHEME_BEARER = "Bearer"; public static final String AUTHORIZATION_SCHEME_BEARER = "Bearer";
/**
* Name of bearer authentication cookie.
* @since 2.0.0
*/
public static final String COOKIE_BEARER_AUTHENTICATION = "X-Bearer-Token";
/** Field description */
public static final String ENCODING = "UTF-8";
/**
* authorization header
* @since 2.0.0
*/
public static final String HEADER_AUTHORIZATION = "Authorization";
/** /**
* location header * location header
* @since 1.43 * @since 1.43


@@ -60,6 +60,7 @@ import sonia.scm.security.BearerTokenGenerator;
import sonia.scm.security.Tokens; import sonia.scm.security.Tokens;
import sonia.scm.user.User; import sonia.scm.user.User;
import sonia.scm.util.HttpUtil; import sonia.scm.util.HttpUtil;
import sonia.scm.util.Util;
//~--- JDK imports ------------------------------------------------------------ //~--- JDK imports ------------------------------------------------------------
@@ -69,7 +70,6 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam; import javax.ws.rs.FormParam;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.POST; import javax.ws.rs.POST;
@@ -154,7 +154,7 @@ public class AuthenticationResource
@Context HttpServletResponse response, @Context HttpServletResponse response,
@FormParam("username") String username, @FormParam("username") String username,
@FormParam("password") String password, @FormParam("rememberMe") @FormParam("password") String password, @FormParam("rememberMe")
@QueryParam("cookie") boolean cookie) @QueryParam("cookie") boolean cookie)
{ {
Preconditions.checkArgument(!Strings.isNullOrEmpty(username), Preconditions.checkArgument(!Strings.isNullOrEmpty(username),
"username parameter is required"); "username parameter is required");
@@ -177,7 +177,7 @@ public class AuthenticationResource
if (cookie) if (cookie)
{ {
Cookie c = new Cookie("X-Bearer-Token", token); Cookie c = new Cookie(HttpUtil.COOKIE_BEARER_AUTHENTICATION, token);
c.setPath(request.getContextPath()); c.setPath(request.getContextPath());
@@ -270,11 +270,21 @@ public class AuthenticationResource
subject.logout(); subject.logout();
// remove bearer authentication cookie
Cookie c = new Cookie(
HttpUtil.COOKIE_BEARER_AUTHENTICATION,
Util.EMPTY_STRING
);
c.setPath(request.getContextPath());
c.setMaxAge(0);
c.setHttpOnly(true);
response.addCookie(c);
Response resp; Response resp;
if (configuration.isAnonymousAccessEnabled()) if (configuration.isAnonymousAccessEnabled())
{ {
resp = Response.ok(stateFactory.createAnonymousState()).build(); resp = Response.ok(stateFactory.createAnonymousState()).build();
} }
else else
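Review bot: The expiring cookie written after `subject.logout()` only replaces the login cookie if its attributes match the one the login path set, and this section shows the login cookie receiving only a name and a path (`Cookie c = new Cookie(HttpUtil.COOKIE_BEARER_AUTHENTICATION, token); c.setPath(request.getContextPath());`) before that hunk is cut off, so whether it is marked Secure or HttpOnly is not visible here. Since the cookie carries a bearer token it should be Secure on HTTPS, and then the deletion cookie must be too — `c.setSecure(request.isSecure());` alongside `c.setHttpOnly(true)` — because browsers that implement "leave secure cookies alone" will not let a non-Secure cookie overwrite a Secure one and the logout would silently leave the token in place. Separately, clearing the cookie only removes the credential from this browser; if the bearer token is a stateless signed token, it stays usable by anyone who captured it until expiry unless `subject.logout()` also revokes it server-side, which is worth stating in the comment, e.g. `// remove bearer authentication cookie (client-side only; the token is not revoked here)`. The logout method begins before and continues after this hunk.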