Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-13 00:45:44 +01:00
Code Issues Packages Projects Releases Activity

X-SCM-Session-ID and X-SCM-Client could now be send via query parameter

Browse Source 
The use of query parameters is required for SSE, because the standard does not support header.
This works currently only for GET request to avoid parsing of request body.
This commit is contained in:
Sebastian Sdorra
2020-03-20 11:10:05 +01:00
parent c34d76d318
commit f8f5aa2ebd
10 changed files with 145 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scm-webapp/src/main/java/sonia/scm/web/BearerWebTokenGenerator.java
View File

@@ -35,6 +35,7 @@ package sonia.scm.web;
import sonia.scm.plugin.Extension;
import sonia.scm.security.BearerToken;
import sonia.scm.security.SessionId;
import sonia.scm.util.HttpUtil;
//~--- JDK imports ------------------------------------------------------------
@@ -68,10 +69,8 @@ public class BearerWebTokenGenerator extends SchemeBasedWebTokenGenerator
{
BearerToken token = null;
if (HttpUtil.AUTHORIZATION_SCHEME_BEARER.equalsIgnoreCase(scheme))
{
String sessionId = request.getHeader(HttpUtil.HEADER_SCM_SESSION);
token = BearerToken.create(sessionId, authorization);
if (HttpUtil.AUTHORIZATION_SCHEME_BEARER.equalsIgnoreCase(scheme)) {
token = BearerToken.create(SessionId.from(request).orElse(null), authorization);
}
return token;

17
scm-webapp/src/main/java/sonia/scm/web/CookieBearerWebTokenGenerator.java
View File

@@ -40,6 +40,8 @@ import sonia.scm.security.BearerToken;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import sonia.scm.security.SessionId;
import sonia.scm.util.HttpUtil;
/**
@@ -62,19 +64,14 @@ public class CookieBearerWebTokenGenerator implements WebTokenGenerator
* @return {@link BearerToken} or {@code null}
*/
@Override
public BearerToken createToken(HttpServletRequest request)
{
public BearerToken createToken(HttpServletRequest request) {
BearerToken token = null;
Cookie[] cookies = request.getCookies();
if (cookies != null)
{
for (Cookie cookie : cookies)
{
if (HttpUtil.COOKIE_BEARER_AUTHENTICATION.equals(cookie.getName()))
{
String sessionId = HttpUtil.getHeader(request, HttpUtil.HEADER_SCM_SESSION, null);
token = BearerToken.create(sessionId, cookie.getValue());
if (cookies != null) {
for (Cookie cookie : cookies) {
if (HttpUtil.COOKIE_BEARER_AUTHENTICATION.equals(cookie.getName())) {
token = BearerToken.create(SessionId.from(request).orElse(null), cookie.getValue());
break;
}