svn commit: r1823311 - in /ofbiz/ofbiz-framework/branches/release17.12: ./ framework/security/config/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/


svn commit: r1823311 - in /ofbiz/ofbiz-framework/branches/release17.12: ./ framework/security/config/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/

jleroux@apache.org
Author: jleroux
Date: Tue Feb  6 12:12:55 2018
New Revision: 1823311

URL: http://svn.apache.org/viewvc?rev=1823311&view=rev
Log:
"Applied fix from trunk for revision: 1821600"
------------------------------------------------------------------------
r1821600 | jleroux | 2018-01-19 09:39:05 +0100 (ven., 19 janv. 2018) | 11 lines

Improved: Token Based Authentication
(OFBIZ-9833)

No functional change

As reported by Jinghai on the dev ML, we should use "Authorization" rather than
 "Authorisation" when retrieving the JWT token, even if both are accepted
https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
Also improves the comment on token ttl

Thanks: Jinghai for report
------------------------------------------------------------------------

Modified:
    ofbiz/ofbiz-framework/branches/release17.12/   (props changed)
    ofbiz/ofbiz-framework/branches/release17.12/framework/security/config/security.properties
    ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java
    ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java

Propchange: ofbiz/ofbiz-framework/branches/release17.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb  6 12:12:55 2018
@@ -10,4 +10,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393
+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821600,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/security/config/security.properties
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/security/config/security.properties?rev=1823311&r1=1823310&r2=1823311&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/security/config/security.properties (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/security/config/security.properties Tue Feb  6 12:12:55 2018
@@ -138,5 +138,5 @@ use-external-server=N
 external-server-name=localhost:8443
 # -- Query part of the URL to use
 external-server-query=/example/control/
-# -- Time To Live of the token send to the external server
+# -- Time To Live of the token send to the external server in seconds
 external-server-token-duration=30
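Review bot: The reworded comment on the line above still carries the original grammar slip ("token send") and leaves the unit unpunctuated from the rest of the sentence; since the commit's stated purpose for this file is to improve that comment, it is worth finishing the job: `# -- Time To Live, in seconds, of the token sent to the external server`. The property name and value are unchanged, so this is documentation only.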

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java?rev=1823311&r1=1823310&r2=1823311&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java Tue Feb  6 12:12:55 2018
@@ -202,7 +202,7 @@ public class ContextFilter implements Fi
                     String webAppName = UtilHttp.getApplicationName(httpRequest);
                     String dnsName = ExternalLoginKeysManager.getExternalServerName(httpRequest);
                     long timeToLive = ExternalLoginKeysManager.getJwtTokenTimeToLive(httpRequest);
-                    // We would need a Bearer token (in Authorisation request header) if we were using Oauth2, here we don't, so no Bearer
+                    // We would need a Bearer token (in Authorization request header) if we were using Oauth2, here we don't, so no Bearer
                     value = ExternalLoginKeysManager.createJwt(externalServerUserLoginId, dnsName, webAppName , timeToLive);
                 }
                 if (value != null) return value;

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java?rev=1823311&r1=1823310&r2=1823311&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java Tue Feb  6 12:12:55 2018
@@ -37,6 +37,7 @@ import org.apache.ofbiz.entity.Delegator
 import org.apache.ofbiz.entity.DelegatorFactory;
 import org.apache.ofbiz.entity.GenericEntityException;
 import org.apache.ofbiz.entity.GenericValue;
+import org.apache.ofbiz.entity.util.EntityQuery;
 import org.apache.ofbiz.entity.util.EntityUtilProperties;
 import org.apache.ofbiz.service.LocalDispatcher;
 import org.apache.ofbiz.webapp.WebAppUtil;
@@ -45,7 +46,6 @@ import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwtBuilder;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
-import org.apache.ofbiz.entity.util.EntityQuery;
 
 /**
  * This class manages the authentication tokens that provide single sign-on authentication to the OFBiz applications.
@@ -199,9 +199,9 @@ public class ExternalLoginKeysManager {
                     LoginWorker.setWebContextObjects(request, response, delegator, dispatcher);
                 }
 
-                String authorisationHeader = request.getHeader("Authorisation");
-                if (authorisationHeader != null) {
-                    boolean jwtOK = checkJwt(authorisationHeader, userLogin.getString("userLoginId"), getExternalServerName(request), UtilHttp.getApplicationName(request));
+                String authorizationHeader = request.getHeader("Authorization");
+                if (authorizationHeader != null) {
+                    boolean jwtOK = checkJwt(authorizationHeader, userLogin.getString("userLoginId"), getExternalServerName(request), UtilHttp.getApplicationName(request));
                     if (!jwtOK) {
                         Debug.logWarning("*** There was a problem with the JWT token, loging out the current user: " + externalServerUserLoginId, module);
                         LoginWorker.logout(request, response);
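Review bot: Renaming the header read on the `request.getHeader("Authorization")` line is a behavioural change for any external server still sending the old "Authorisation" spelling, despite the log's "No functional change": such a request now takes the `authorizationHeader == null` path and skips checkJwt entirely instead of being validated, so the previously checked login proceeds with no token check at all, if the code after this hunk continues the external login when the header is absent (that continuation is outside the hunk, as is the start of the enclosing method). During the transition I would either fall back to the legacy name, `if (authorizationHeader == null) { authorizationHeader = request.getHeader("Authorisation"); }`, or make the absence visible with `Debug.logWarning("No Authorization header on external login request, JWT check skipped for: " + externalServerUserLoginId, module);` in an else branch, so that a misconfigured peer is noticed rather than silently unverified. The misspelling "loging out" in the existing warning on the context line below is pre-existing and untouched by this commit.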