svn commit: r1826949 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java


svn commit: r1826949 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java

jleroux@apache.org
Author: jleroux
Date: Fri Mar 16 10:02:03 2018
New Revision: 1826949

URL: http://svn.apache.org/viewvc?rev=1826949&view=rev
Log:
Improved: Token Based Authentication
(OFBIZ-9833)

Removes the code I temporarily removed on trunk demo (controversial) to test my
changes

Also adds the LoginWorker.autoLoginSet()

This is just a commit to go ahead, later I will revert all related and provide
a patch for discussion at OFBIZ-9833.

I'll also certainly use Deepak's JWTManager.createJwt() instead of mine, it's
more general and I actually only need to pass the userLoginId. We have to
discuss that anyway, though; I see some differences...

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java?rev=1826949&r1=1826948&r2=1826949&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java Fri Mar 16 10:02:03 2018
@@ -32,7 +32,6 @@ import javax.servlet.http.HttpSession;
 import javax.xml.bind.DatatypeConverter;
 
 import org.apache.ofbiz.base.util.Debug;
-import org.apache.ofbiz.base.util.UtilHttp;
 import org.apache.ofbiz.entity.Delegator;
 import org.apache.ofbiz.entity.DelegatorFactory;
 import org.apache.ofbiz.entity.GenericEntityException;
@@ -186,18 +185,13 @@ public class ExternalLoginKeysManager {
         Delegator delegator = (Delegator) request.getAttribute("delegator");
         HttpSession session = request.getSession();
 
-        // The target server does not allow external login by default
-        boolean useExternalServer = EntityUtilProperties.getPropertyAsBoolean("security", "use-external-server", false);
-        String sourceWebappName = request.getParameter(SOURCE_SERVER_WEBAPP_NAME);
-        if (!useExternalServer || sourceWebappName == null) return "success"; // Nothing to do here
-
         try {
             String userLoginId = null;
             String authorizationHeader = request.getHeader("Authorization");
             if (authorizationHeader != null) {
                 Claims claims = returnsClaims(authorizationHeader);
                 userLoginId = getSourceUserLoginId(claims );
-                boolean jwtOK = checkJwt(authorizationHeader, userLoginId, getTargetServerUrl(request), UtilHttp.getApplicationName(request));
+                boolean jwtOK = checkJwt(authorizationHeader, userLoginId, "", "");
                 if (!jwtOK) {
                     // Something unexpected happened here
                     Debug.logWarning("*** There was a problem with the JWT token, not signin in the user login " + userLoginId, module);
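Review bot: The new call `checkJwt(authorizationHeader, userLoginId, "", "")` passes empty strings where the old line supplied `getTargetServerUrl(request)` and `UtilHttp.getApplicationName(request)`. Whatever checkJwt compared those values against (presumably issuer/audience-style claims; its body is outside the hunk) no longer ties the token to this server and webapp. The same hunk also drops the `use-external-server` property gate, which defaulted to false, so any request with an `Authorization` header now reaches the token login path on every deployment. If this is the temporary state the log describes, keep the opt-in gate and mark the call, e.g. `// TODO(OFBIZ-9833): restore target server URL and webapp name before release`. The enclosing method starts before this hunk and continues after it.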
@@ -234,6 +228,9 @@ public class ExternalLoginKeysManager {
             Debug.logError(e, "Cannot get autoUserLogin information: " + e.getMessage(), module);
         }
 
+        // make sure the autoUserLogin is set to the same and that the client cookie has the correct userLoginId
+        LoginWorker.autoLoginSet(request, response);
+        
         return "success";
     }
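Review bot: `LoginWorker.autoLoginSet(request, response)` is added after the catch block, so it also runs when the try block threw and the error was only logged. It may also run on paths where no token login took place, though the middle of the method is not visible here. If the intent is to refresh the auto-login cookie only after a successful token login, move the call inside the try, right after the login is established, or guard it on that condition. The comment could also name which userLoginId the cookie is being aligned with, e.g. `// after a successful JWT login, align autoUserLogin and its cookie with the logged-in userLoginId`. The blank line added after the call carries trailing whitespace.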