From c921fa9ab093479b0cb49ec9d00df643b79867e7 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Wed, 1 Apr 2015 10:47:00 +0200
Subject: [PATCH] remove cookie on logout

---
 .../main/java/sonia/scm/util/HttpUtil.java    | 26 ++++++++++++-------
 .../resources/AuthenticationResource.java     | 18 ++++++++++---
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/scm-core/src/main/java/sonia/scm/util/HttpUtil.java b/scm-core/src/main/java/sonia/scm/util/HttpUtil.java
index 8399a5eb22..daa0f2c245 100644
--- a/scm-core/src/main/java/sonia/scm/util/HttpUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/HttpUtil.java
@@ -70,15 +70,6 @@ public final class HttpUtil
   /** authentication realm for basic authentication */
   public static final String AUTHENTICATION_REALM = "SONIA :: SCM Manager";
 
-  /** Field description */
-  public static final String ENCODING = "UTF-8";
-
-  /**
-   * authorization header
-   * @since 2.0.0
-   */
-  public static final String HEADER_AUTHORIZATION = "Authorization";
-
   /**
    * Basic authorization scheme
    * @since 2.0.0
@@ -90,7 +81,22 @@ public final class HttpUtil
    * @since 2.0.0
    */
   public static final String AUTHORIZATION_SCHEME_BEARER = "Bearer";
-
+
+  /**
+   * Name of bearer authentication cookie.
+   * @since 2.0.0
+   */
+  public static final String COOKIE_BEARER_AUTHENTICATION = "X-Bearer-Token";
+
+  /** Field description */
+  public static final String ENCODING = "UTF-8";
+
+  /**
+   * authorization header
+   * @since 2.0.0
+   */
+  public static final String HEADER_AUTHORIZATION = "Authorization";
+
   /**
    * location header
    * @since 1.43
diff --git a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
index f9a95bf7ba..9143488ccd 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
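Review bot: The relocated `ENCODING` constant keeps the placeholder Javadoc `/** Field description */`, so the second HttpUtil hunk moves an undocumented constant instead of fixing it; since the line is rewritten anyway, replace the comment with `/** Character encoding used by this class, {@code UTF-8}. */`. The new `COOKIE_BEARER_AUTHENTICATION` Javadoc would also read more precisely as `Name of the cookie that carries the bearer authentication token.`, making clear it is a cookie name and not a header. The HttpUtil class body continues outside the hunk.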
@@ -60,6 +60,7 @@ import sonia.scm.security.BearerTokenGenerator;
 import sonia.scm.security.Tokens;
 import sonia.scm.user.User;
 import sonia.scm.util.HttpUtil;
+import sonia.scm.util.Util;
 
 //~--- JDK imports ------------------------------------------------------------
 
@@ -69,7 +70,6 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import javax.ws.rs.DefaultValue;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -154,7 +154,7 @@ public class AuthenticationResource
     @Context HttpServletResponse response,
     @FormParam("username") String username,
     @FormParam("password") String password, @FormParam("rememberMe")
-    @QueryParam("cookie") boolean cookie)
+    @QueryParam("cookie") boolean cookie)
   {
     Preconditions.checkArgument(!Strings.isNullOrEmpty(username),
       "username parameter is required");
@@ -177,7 +177,7 @@ public class AuthenticationResource
 
     if (cookie)
     {
-      Cookie c = new Cookie("X-Bearer-Token", token);
+      Cookie c = new Cookie(HttpUtil.COOKIE_BEARER_AUTHENTICATION, token);
 
       c.setPath(request.getContextPath());
 
@@ -270,11 +270,21 @@ public class AuthenticationResource
 
     subject.logout();
 
+    // remove bearer authentication cookie
+    Cookie c = new Cookie(
+      HttpUtil.COOKIE_BEARER_AUTHENTICATION,
+      Util.EMPTY_STRING
+    );
+    c.setPath(request.getContextPath());
+    c.setMaxAge(0);
+    c.setHttpOnly(true);
+
+    response.addCookie(c);
+
     Response resp;
 
     if (configuration.isAnonymousAccessEnabled())
     {
-
       resp = Response.ok(stateFactory.createAnonymousState()).build();
     }
     else
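Review bot: The expiring cookie built after `subject.logout()` repeats by hand the attributes the login path (hunk at line 177) sets for the same cookie, and a browser only replaces the login cookie when name, path and domain agree exactly, so both sites should build the cookie through one helper rather than drift apart. The login cookie's attributes beyond `setPath` lie outside that hunk; if it is flagged `Secure` there, the helper needs the same `c.setSecure(...)` call, and whether it sets `HttpOnly` as the logout side does should be confirmed before the helper fixes that for both. Clearing the cookie only removes the client copy; whether `subject.logout()` also invalidates the bearer token server-side is not visible here, and if it does not, the token's remaining lifetime deserves a comment at this spot. The enclosing logout method starts before the hunk and its `else` branch continues after it.
```java
    // … unchanged: subject.logout() …
    // remove bearer authentication cookie
    response.addCookie(createBearerCookie(request, Util.EMPTY_STRING, 0));
    // … unchanged: Response resp and anonymous-access branch …

  // new helper, placed with the other private methods of the class; the login
  // path builds its cookie through it as createBearerCookie(request, token, maxAge)
  /**
   * Builds the bearer authentication cookie shared by login and logout, so the
   * cookie issued at login and the one that expires it agree on name, path and flags.
   *
   * @param request current request, used for the cookie path
   * @param value token value, or the empty string when expiring the cookie
   * @param maxAge cookie lifetime in seconds, 0 to delete it
   * @return the configured cookie
   */
  private Cookie createBearerCookie(HttpServletRequest request, String value, int maxAge)
  {
    Cookie c = new Cookie(HttpUtil.COOKIE_BEARER_AUTHENTICATION, value);
    c.setPath(request.getContextPath());
    c.setMaxAge(maxAge);
    c.setHttpOnly(true);
    return c;
  }
```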