CHE-10861 Add storing of Che Subject into http session in MachineLogin filters
parent
2c7bfd4ff9
commit
f39f9b6280
@ -79,7 +79,8 @@ public class MachineLoginFilter implements Filter {
|
|||
|
||||
// sets subject from session
|
||||
final Subject sessionSubject;
|
||||
if (session != null && (sessionSubject = (Subject) session.getAttribute("principal")) != null) {
|
||||
if (session != null
|
||||
&& (sessionSubject = (Subject) session.getAttribute("che_subject")) != null) {
|
||||
try {
|
||||
EnvironmentContext.getCurrent().setSubject(sessionSubject);
|
||||
chain.doFilter(request, response);
|
||||
|
|
@ -115,7 +116,7 @@ public class MachineLoginFilter implements Filter {
|
|||
false);
|
||||
EnvironmentContext.getCurrent().setSubject(subject);
|
||||
final HttpSession httpSession = httpRequest.getSession(true);
|
||||
httpSession.setAttribute("principal", subject);
|
||||
httpSession.setAttribute("che_subject", subject);
|
||||
chain.doFilter(request, response);
|
||||
} finally {
|
||||
EnvironmentContext.reset();
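Review bot: The subject read back from the session at `(sessionSubject = (Subject) session.getAttribute("che_subject")) != null` is set on EnvironmentContext with no check that it belongs to the token presented on this request, while the other MachineLoginFilter in this commit guards the same read with `!sessionSubject.getToken().equals(token)`; now that both filters use the same key, they should apply the same check so that a session cookie alone does not stand in for the machine token. The test's `verifyZeroInteractions(tokenExtractorMock)` indicates the token is deliberately not extracted on this path, so if that is intended the trade-off deserves a comment at `// sets subject from session`, e.g. `// a subject cached in the session is trusted for the session's lifetime; the machine token is not re-validated here`. The `(Subject)` cast throws ClassCastException if any other component stores a different type under "che_subject"; an `instanceof Subject` check before the cast fails closed instead. "che_subject" is a bare literal here, at `httpSession.setAttribute("che_subject", subject)` and in the second filter; one shared constant would keep the readers and writers aligned. doFilter starts and ends outside these hunks.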
|
||||
|
@ -59,7 +59,7 @@ public class MachineLoginFilterTest {
|
|||
|
||||
private static final String SIGNATURE_ALGORITHM = "RSA";
|
||||
private static final String WORKSPACE_ID = "workspace31";
|
||||
private static final String PRINCIPAL = "principal";
|
||||
private static final String SUBJECT = "che_subject";
|
||||
private static final String USER_ID = "test_user31";
|
||||
private static final String USER_NAME = "test_user";
|
||||
|
||||
|
|
@ -105,11 +105,11 @@ public class MachineLoginFilterTest {
|
|||
|
||||
@Test
|
||||
public void testProcessRequestWithSubjectFromSession() throws Exception {
|
||||
when(sessionMock.getAttribute(PRINCIPAL)).thenReturn(subject);
|
||||
when(sessionMock.getAttribute(SUBJECT)).thenReturn(subject);
|
||||
|
||||
machineLoginFilter.doFilter(getRequestMock(sessionMock, machineToken), responseMock, chainMock);
|
||||
|
||||
verify(sessionMock).getAttribute(PRINCIPAL);
|
||||
verify(sessionMock).getAttribute(SUBJECT);
|
||||
verifyZeroInteractions(tokenExtractorMock);
|
||||
}
|
||||
|
||||
|
|
@ -129,7 +129,7 @@ public class MachineLoginFilterTest {
|
|||
machineLoginFilter.doFilter(getRequestMock(null, machineToken), responseMock, chainMock);
|
||||
|
||||
verify(tokenExtractorMock).getToken(any(HttpServletRequest.class));
|
||||
verify(sessionMock).setAttribute(PRINCIPAL, subject);
|
||||
verify(sessionMock).setAttribute(SUBJECT, subject);
|
||||
verifyZeroInteractions(responseMock);
|
||||
}
|
||||
|
||||
|
@ -33,6 +33,7 @@ import javax.servlet.ServletResponse;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletRequestWrapper;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import org.eclipse.che.api.core.NotFoundException;
|
||||
import org.eclipse.che.api.core.ServerException;
|
||||
import org.eclipse.che.api.user.server.UserManager;
|
||||
|
|
@ -83,21 +84,24 @@ public class MachineLoginFilter implements Filter {
|
|||
}
|
||||
// check token signature and verify is this token machine or not
|
||||
try {
|
||||
final Claims claims = jwtParser.parseClaimsJws(token).getBody();
|
||||
HttpSession session = ((HttpServletRequest) request).getSession(true);
|
||||
Subject sessionSubject = (Subject) session.getAttribute("che_subject");
|
||||
if (sessionSubject == null || !sessionSubject.getToken().equals(token)) {
|
||||
try {
|
||||
sessionSubject = extractSubject(token);
|
||||
session.setAttribute("che_subject", sessionSubject);
|
||||
} catch (NotFoundException e) {
|
||||
sendErr(
|
||||
response,
|
||||
SC_UNAUTHORIZED,
|
||||
"Authentication with machine token failed because user for this token no longer exist.");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
final String userId = claims.get(USER_ID_CLAIM, String.class);
|
||||
// check if user with such id exists
|
||||
final String userName = userManager.getById(userId).getName();
|
||||
final Subject authorizedSubject =
|
||||
new AuthorizedSubject(
|
||||
new SubjectImpl(userName, userId, token, false), permissionChecker);
|
||||
EnvironmentContext.getCurrent().setSubject(authorizedSubject);
|
||||
chain.doFilter(addUserInRequest(httpRequest, authorizedSubject), response);
|
||||
} catch (NotFoundException ex) {
|
||||
sendErr(
|
||||
response,
|
||||
SC_UNAUTHORIZED,
|
||||
"Authentication with machine token failed because user for this token no longer exist.");
|
||||
EnvironmentContext.getCurrent().setSubject(sessionSubject);
|
||||
chain.doFilter(addUserInRequest(httpRequest, sessionSubject), response);
|
||||
} finally {
|
||||
EnvironmentContext.reset();
|
||||
}
|
||||
|
|
@ -112,6 +116,16 @@ public class MachineLoginFilter implements Filter {
|
|||
}
|
||||
}
|
||||
|
||||
private Subject extractSubject(String token) throws NotFoundException, ServerException {
|
||||
final Claims claims = jwtParser.parseClaimsJws(token).getBody();
|
||||
final String userId = claims.get(USER_ID_CLAIM, String.class);
|
||||
// check if user with such id exists
|
||||
final String userName = userManager.getById(userId).getName();
|
||||
|
||||
return new AuthorizedSubject(
|
||||
new SubjectImpl(userName, userId, token, false), permissionChecker);
|
||||
}
|
||||
|
||||
/** Sets given error code with err message into give response. */
|
||||
private static void sendErr(ServletResponse res, int errCode, String msg) throws IOException {
|
||||
final HttpServletResponse response = (HttpServletResponse) res;
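Review bot: `extractSubject(token)` at the `sessionSubject = extractSubject(token);` line parses and signature-checks the JWT a second time, because `jwtParser.parseClaimsJws(token).getBody()` has already done that a few lines earlier and, if I read the old/new split right, `claims` is no longer used on the new side at all; passing the parsed claims through (`sessionSubject = extractSubject(claims, token);`, with `private Subject extractSubject(Claims claims, String token)` and the parse line dropped from the helper added in the `@ -112,6 +116,16 @@` hunk) removes the duplicate work and the dead local. The `!sessionSubject.getToken().equals(token)` guard assumes every Subject stored under "che_subject" carries a non-null token; the null-safe form `!token.equals(sessionSubject.getToken())` avoids a NullPointerException, and a constant-time comparison (`MessageDigest.isEqual` on the UTF-8 bytes) is the usual choice when a presented credential is compared with a stored one. `getSession(true)` now allocates a server-side session for every request carrying a machine token; if these clients do not return the session cookie, each request leaves a session behind until timeout, so confirm the clients keep cookies or create the session only where one is actually reused. extractSubject also declares ServerException, which the new `catch (NotFoundException e)` does not handle; presumably a handler outside this hunk covers it, as the removed `userManager.getById` path would have thrown it too. doFilter starts and ends outside the hunk.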
|
||||