Enable fingerprint cookie name customization, fixes #12

Coreoz · Apr 14, 2023 · fac5e55 · fac5e55
1 parent 19c259d
commit fac5e55
Showing 1 changed file with 32 additions and 18 deletions.
diff --git a/...-security/src/main/java/com/coreoz/plume/admin/websession/jersey/JerseySessionParser.java b/...-security/src/main/java/com/coreoz/plume/admin/websession/jersey/JerseySessionParser.java
@@ -1,7 +1,6 @@
 package com.coreoz.plume.admin.websession.jersey;
 
 import java.nio.charset.StandardCharsets;
-import java.util.function.BiPredicate;
 
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.core.Cookie;
@@ -21,7 +20,7 @@ public class JerseySessionParser {
 
 	private static final Logger logger = LoggerFactory.getLogger(JerseySessionParser.class);
 
-	private static final BiPredicate<?, ?> ALWAYS_TRUE_BI_PREDICATE = (a, b) -> true;
+	private static final VerifyFingerprintFunction NO_VERIFY_FINGERPRINT_FUNCTION = (a, b, c) -> true;
 
 	public static final String FINGERPRINT_COOKIE_NAME = "session-fgp";
 
@@ -30,25 +29,33 @@ public class JerseySessionParser {
 	private static final String BEARER_PREFIX = "Bearer ";
 	private static final Object EMPTY_SESSION = new Object();
 
+	@SuppressWarnings({ "unchecked", "rawtypes" })
 	public static <T> T currentSessionInformation(ContainerRequestContext request,
 			WebSessionSigner webSessionSigner, Class<T> webSessionClass) {
-		return currentSessionInformationWithCheck(request, webSessionSigner, webSessionClass, alwaysTrueBiPredicate());
+		return (T) currentSessionInformation(request, webSessionSigner, (Class) webSessionClass, false);
 	}
 
 	public static <T extends WebSessionFingerprint> T currentSessionInformationWithFingerprintCheck(
 			ContainerRequestContext request, WebSessionSigner webSessionSigner, Class<T> webSessionClass) {
-		return currentSessionInformationWithCheck(request, webSessionSigner, webSessionClass, JerseySessionParser::verifyFingerprintHash);
+		return currentSessionInformation(request, webSessionSigner, webSessionClass, true);
 	}
 
 	public static <T extends WebSessionFingerprint> T currentSessionInformation(ContainerRequestContext request,
 			WebSessionSigner webSessionSigner, Class<T> webSessionClass, boolean verifyCookieFingerprint) {
+		return currentSessionInformation(request, webSessionSigner, webSessionClass, verifyCookieFingerprint, FINGERPRINT_COOKIE_NAME);
+	}
+
+	public static <T extends WebSessionFingerprint> T currentSessionInformation(ContainerRequestContext request,
+			WebSessionSigner webSessionSigner, Class<T> webSessionClass, boolean verifyCookieFingerprint,
+			String fingerprintCookieName) {
 		return currentSessionInformationWithCheck(
 			request,
 			webSessionSigner,
 			webSessionClass,
 			verifyCookieFingerprint ?
-				(BiPredicate<ContainerRequestContext, T>) JerseySessionParser::verifyFingerprintHash
-				: alwaysTrueBiPredicate()
+				JerseySessionParser::verifyFingerprintHash
+				: NO_VERIFY_FINGERPRINT_FUNCTION,
+			fingerprintCookieName
 		);
 	}
 
@@ -58,17 +65,15 @@ public static String hashFingerprint(String fingerprint) {
 
 	//	private
 
-	@SuppressWarnings("unchecked")
-	private static<T, U> BiPredicate<T, U> alwaysTrueBiPredicate() {
-		return (BiPredicate<T, U>) ALWAYS_TRUE_BI_PREDICATE;
-	}
-
-	private static boolean verifyFingerprintHash(ContainerRequestContext request, WebSessionFingerprint webSessionFingerprint) {
-		return verifyFingerprintHash(request, webSessionFingerprint.getHashedFingerprint());
+	private static boolean verifyFingerprintHash(
+			ContainerRequestContext request,
+			WebSessionFingerprint webSessionFingerprint,
+			String fingerprintCookieName) {
+		return verifyFingerprintHash(request, webSessionFingerprint.getHashedFingerprint(), fingerprintCookieName);
 	}
 
-	private static boolean verifyFingerprintHash(ContainerRequestContext request, String hashedFingerprint) {
-		Cookie fingerprintCookie = request.getCookies().get(FINGERPRINT_COOKIE_NAME);
+	private static boolean verifyFingerprintHash(ContainerRequestContext request, String hashedFingerprint, String fingerprintCookieName) {
+		Cookie fingerprintCookie = request.getCookies().get(fingerprintCookieName);
 		if(fingerprintCookie == null || fingerprintCookie.getValue() == null) {
 			logger.warn("No fingerprint cookie provided (are you using HTTPS?), you can disable the "
 					+ "admin.session.use-fingerprint-cookie parameter if that is an issue "
@@ -87,15 +92,15 @@ private static boolean verifyFingerprintHash(ContainerRequestContext request, St
 	}
 
 	@SuppressWarnings("unchecked")
-	private static <T> T currentSessionInformationWithCheck(ContainerRequestContext request,
+	private static <T extends WebSessionFingerprint> T currentSessionInformationWithCheck(ContainerRequestContext request,
 			WebSessionSigner webSessionSigner, Class<T> webSessionClass,
-			BiPredicate<ContainerRequestContext, T> checkFunction) {
+			VerifyFingerprintFunction checkFunction, String fingerprintCookieName) {
 		Object webSession = request.getProperty(REQUEST_SESSION_ATTRIBUTE_NAME);
 		if (webSession == null) {
 			String webSessionSerialized = parseAuthorizationBearer(request);
 			if(webSessionSerialized != null) {
 				T webSessionParsed = webSessionSigner.parseSession(webSessionSerialized, webSessionClass);
-				if(webSessionParsed != null && checkFunction.test(request, webSessionParsed)) {
+				if(webSessionParsed != null && checkFunction.verifyFingerprint(request, webSessionParsed, fingerprintCookieName)) {
 					webSession = webSessionParsed;
 				}
 			}
@@ -114,5 +119,14 @@ private static String parseAuthorizationBearer(ContainerRequestContext request)
 		}
 		return authorization.substring(BEARER_PREFIX.length());
 	}
+
+	@FunctionalInterface
+	private static interface VerifyFingerprintFunction {
+		boolean verifyFingerprint(
+			ContainerRequestContext request,
+			WebSessionFingerprint webSessionFingerprint,
+			String fingerprintCookieName
+		);
+	}
 
 }