Eclipse Community Forums
Store Cookie in AccessController [message #1827857] Mon, 25 May 2020 17:49
Maak K
Messages: 2
Registered: May 2020
Junior Member
I have a custom AccessController which only triggers when a certain url is called. The url contains an access token which I can verify over a REST call.

I would now like to store a cookie, which automatically logs the user in, after re-opening the browser.

The basics seem to work - I can store and read my created principal on the session. However, as soon as a new session gets created, the cookie does not seem to be present anymore. The max age of the cookie is set to 36000 and in the console I can see that the cookie should get stored.
Store signed cookie 'sso.user.id' for 'User' - MDC[]

How can I persist my cookie properly?

CustomAccessController.java
@Override
public boolean handle(final HttpServletRequest req, final HttpServletResponse resp, final FilterChain chain) throws IOException, ServletException {

    if (!"/customauth".equals(req.getPathInfo())) {
        return false;
    }
    
    //Read query params and validate params over REST
    boolean tokenIsValid = ...;
    
    if (tokenIsValid) {
        // force a new HTTP session to be created.
        final HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Put authenticated principal onto (new) HTTP session
        storePrincipalToCookie(req, resp, principal); //default implementation from CookieAccessController
        
        BEANS.get(ServletFilterHelper.class).putPrincipalOnSession(req, principal);
        
        //Redirect to main application
        BEANS.get(ServletFilterHelper.class).forwardTo(req, resp, "/");
        BEANS.get(ServletFilterHelper.class).continueChainAsSubject(principal, req, resp, chain);
        return true;
    } else {
        //User will fall into AnonymousAccessController
        BEANS.get(ServletFilterHelper.class).forwardTo(req, resp, "/");
        return false;
    }
}

My AccessController gets executed before the default CookieAccessController.
UiServletFilter.java
if (m_customAccessController.handle(req, resp, chain)) {
    return;
}

if (m_cookieAccessController.handle(req, resp, chain)) {
    return;
}


Thanks for your help!

[Updated on: Mon, 25 May 2020 20:37]


Re: Store Cookie in AccessController [message #1827870 is a reply to message #1827857] Tue, 26 May 2020 06:51
Ivan Motsch
Messages: 154
Registered: March 2010
Senior Member
Maybe it is this:

Here you are removing the old session, which is good (OWASP...)
final HttpSession session = req.getSession(false);
if (session != null) {
    session.invalidate();
}

Now request.getSession(false) yields null

This call here is then calling request.getSession(false) which yields null and is not storing the cookie.
Before calling storePrincipalToCookie make a call to request.getSession() to force the creation of a new session.
Now request.getSession(false) yields the new session.
        storePrincipalToCookie(req, resp, principal); //default implementation from CookieAccessController


If you call this before storePrincipalToCookie the session would be automatically created since putPrincipalOnSession is itself calling request.getSession
        BEANS.get(ServletFilterHelper.class).putPrincipalOnSession(req, principal);
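
The ordering problem described in the reply above, as an added example that is not part of the original posts or of Eclipse Scout. `Session`, `Request`, `storeCookie` and `login` are constructed stand-ins (assumptions): the cookie-store step is modelled as skipping the cookie when `getSession(false)` returns null, as the reply states, and cookie signing is left out.

```java
import java.util.*;

public class SessionRotationDemo {

    /** Constructed stand-in for HttpSession. */
    static final class Session {
        final String id = UUID.randomUUID().toString();
        final Map<String, Object> attrs = new HashMap<>();
        boolean valid = true;
    }

    /** Constructed stand-in for HttpServletRequest; only the session lookup is modelled. */
    static final class Request {
        private Session current;
        Request(Session existing) { current = existing; }
        /** create=false never creates a session and returns null after invalidation. */
        Session getSession(boolean create) {
            if (current != null && !current.valid) current = null;
            if (current == null && create) current = new Session();
            return current;
        }
    }

    /** Hypothetical cookie-store step that requires an existing session. */
    static boolean storeCookie(Request req, Set<String> responseCookies, String user) {
        if (req.getSession(false) == null) return false; // skipped: no cookie is sent
        responseCookies.add("sso.user.id=" + user);
        return true;
    }

    /** Login sequence; createSessionFirst toggles the ordering fix from the reply. */
    static boolean login(Request req, Set<String> cookies, String user, boolean createSessionFirst) {
        Session old = req.getSession(false);
        if (old != null) old.valid = false;     // invalidate the pre-login session
        if (createSessionFirst) req.getSession(true).attrs.put("principal", user);
        boolean stored = storeCookie(req, cookies, user);
        req.getSession(true).attrs.put("principal", user); // principal ends up on the new session
        return stored && req.getSession(false) != old;     // cookie sent and session id rotated
    }

    public static void main(String[] args) {
        Set<String> before = new HashSet<>(), after = new HashSet<>();
        boolean a = login(new Request(new Session()), before, "User", false);
        boolean b = login(new Request(new Session()), after, "User", true);
        System.out.println("cookie stored before new session exists: " + a + " " + before);
        System.out.println("new session created first:               " + b + " " + after);
    }
}
```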
Re: Store Cookie in AccessController [message #1827914 is a reply to message #1827870] Tue, 26 May 2020 19:13
Maak K
Messages: 2
Registered: May 2020
Junior Member
You are right, that was exactly the problem.

I switched those 2 lines, so it looks like this.

CustomAccessController.java
storePrincipalToCookie(req, resp, principal); //default implementation from CookieAccessController
BEANS.get(ServletFilterHelper.class).putPrincipalOnSession(req, principal);


Everything works fine now, thanks a lot!
