From fac5e554b13ee64a5e88b0f4d98f277f027d88e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Manteaux?=
Date: Fri, 14 Apr 2023 13:48:31 +0200
Subject: [PATCH] Enable fingerprint cookie name customization, fixes #12
---
 .../jersey/JerseySessionParser.java | 50 ++++++++++++-------
 1 file changed, 32 insertions(+), 18 deletions(-)
diff --git a/plume-admin-security/src/main/java/com/coreoz/plume/admin/websession/jersey/JerseySessionParser.java b/plume-admin-security/src/main/java/com/coreoz/plume/admin/websession/jersey/JerseySessionParser.java
index 29fbbe4..02ae12a 100644
--- a/plume-admin-security/src/main/java/com/coreoz/plume/admin/websession/jersey/JerseySessionParser.java
+++ b/plume-admin-security/src/main/java/com/coreoz/plume/admin/websession/jersey/JerseySessionParser.java
@@ -1,7 +1,6 @@
 package com.coreoz.plume.admin.websession.jersey;
 import java.nio.charset.StandardCharsets;
-import java.util.function.BiPredicate;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.core.Cookie;
@@ -21,7 +20,7 @@ public class JerseySessionParser {
 private static final Logger logger = LoggerFactory.getLogger(JerseySessionParser.class);
-private static final BiPredicate ALWAYS_TRUE_BI_PREDICATE = (a, b) -> true;
+private static final VerifyFingerprintFunction NO_VERIFY_FINGERPRINT_FUNCTION = (a, b, c) -> true;
 public static final String FINGERPRINT_COOKIE_NAME = "session-fgp";
@@ -30,25 +29,33 @@ public class JerseySessionParser {
 private static final String BEARER_PREFIX = "Bearer ";
 private static final Object EMPTY_SESSION = new Object();
+@SuppressWarnings({ "unchecked", "rawtypes" })
 public static T currentSessionInformation(ContainerRequestContext request, WebSessionSigner webSessionSigner, Class webSessionClass) {
-return currentSessionInformationWithCheck(request, webSessionSigner, webSessionClass, alwaysTrueBiPredicate());
+return (T) currentSessionInformation(request, webSessionSigner, (Class) webSessionClass, false);
 }
 public static T currentSessionInformationWithFingerprintCheck( ContainerRequestContext request, WebSessionSigner webSessionSigner, Class webSessionClass) {
-return currentSessionInformationWithCheck(request, webSessionSigner, webSessionClass, JerseySessionParser::verifyFingerprintHash);
+return currentSessionInformation(request, webSessionSigner, webSessionClass, true);
 }
 public static T currentSessionInformation(ContainerRequestContext request, WebSessionSigner webSessionSigner, Class webSessionClass, boolean verifyCookieFingerprint) {
+return currentSessionInformation(request, webSessionSigner, webSessionClass, verifyCookieFingerprint, FINGERPRINT_COOKIE_NAME);
+}
+
+public static T currentSessionInformation(ContainerRequestContext request,
+WebSessionSigner webSessionSigner, Class webSessionClass, boolean verifyCookieFingerprint,
+String fingerprintCookieName) {
 return currentSessionInformationWithCheck( request, webSessionSigner, webSessionClass, verifyCookieFingerprint ?
-(BiPredicate) JerseySessionParser::verifyFingerprintHash
-: alwaysTrueBiPredicate()
+JerseySessionParser::verifyFingerprintHash
+: NO_VERIFY_FINGERPRINT_FUNCTION,
+fingerprintCookieName
 );
 }
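Review bot: The new body of the three-argument `currentSessionInformation` reaches the four-argument overload only through a raw `(Class) webSessionClass` cast plus an unchecked `(T)` cast, with both warnings suppressed on the method. The type parameters are stripped in this rendering, but the cast is presumably needed because that overload's T is not bounded by WebSessionFingerprint; if so, the three-argument overload accepts classes that do not implement it and the mismatch surfaces only at runtime. If the bound can be added there, the body becomes `return currentSessionInformation(request, webSessionSigner, webSessionClass, false);` and both suppressions disappear; if callers depend on the unbounded signature, a comment next to the suppression saying so would help the next reader. The new five-argument public overload also has no Javadoc; it should state that `fingerprintCookieName` is the cookie looked up on the request and checked against the session's hashed fingerprint, and that it is ignored when `verifyCookieFingerprint` is false because `NO_VERIFY_FINGERPRINT_FUNCTION` accepts everything.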
@@ -58,17 +65,15 @@ public static String hashFingerprint(String fingerprint) {
 // private
-@SuppressWarnings("unchecked")
-private static BiPredicate alwaysTrueBiPredicate() {
-return (BiPredicate) ALWAYS_TRUE_BI_PREDICATE;
-}
-
-private static boolean verifyFingerprintHash(ContainerRequestContext request, WebSessionFingerprint webSessionFingerprint) {
-return verifyFingerprintHash(request, webSessionFingerprint.getHashedFingerprint());
+private static boolean verifyFingerprintHash(
+ContainerRequestContext request,
+WebSessionFingerprint webSessionFingerprint,
+String fingerprintCookieName) {
+return verifyFingerprintHash(request, webSessionFingerprint.getHashedFingerprint(), fingerprintCookieName);
 }
-private static boolean verifyFingerprintHash(ContainerRequestContext request, String hashedFingerprint) {
-Cookie fingerprintCookie = request.getCookies().get(FINGERPRINT_COOKIE_NAME);
+private static boolean verifyFingerprintHash(ContainerRequestContext request, String hashedFingerprint, String fingerprintCookieName) {
+Cookie fingerprintCookie = request.getCookies().get(fingerprintCookieName);
 if(fingerprintCookie == null || fingerprintCookie.getValue() == null) {
 logger.warn("No fingerprint cookie provided (are you using HTTPS?), you can disable the " + "admin.session.use-fingerprint-cookie parameter if that is an issue "
@@ -87,15 +92,15 @@ private static boolean verifyFingerprintHash(ContainerRequestContext request, St
 }
 @SuppressWarnings("unchecked")
-private static T currentSessionInformationWithCheck(ContainerRequestContext request,
+private static T currentSessionInformationWithCheck(ContainerRequestContext request,
 WebSessionSigner webSessionSigner, Class webSessionClass,
-BiPredicate checkFunction) {
+VerifyFingerprintFunction checkFunction, String fingerprintCookieName) {
 Object webSession = request.getProperty(REQUEST_SESSION_ATTRIBUTE_NAME);
 if (webSession == null) {
 String webSessionSerialized = parseAuthorizationBearer(request);
 if(webSessionSerialized != null) {
 T webSessionParsed = webSessionSigner.parseSession(webSessionSerialized, webSessionClass);
-if(webSessionParsed != null && checkFunction.test(request, webSessionParsed)) {
+if(webSessionParsed != null && checkFunction.verifyFingerprint(request, webSessionParsed, fingerprintCookieName)) {
 webSession = webSessionParsed;
 }
 }
@@ -114,5 +119,14 @@ private static String parseAuthorizationBearer(ContainerRequestContext request)
 }
 return authorization.substring(BEARER_PREFIX.length());
 }
+
+@FunctionalInterface
+private static interface VerifyFingerprintFunction {
+boolean verifyFingerprint(
+ContainerRequestContext request,
+WebSessionFingerprint webSessionFingerprint,
+String fingerprintCookieName
+);
+}
 }
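Review bot: `currentSessionInformationWithCheck` consults `request.getProperty(REQUEST_SESSION_ATTRIBUTE_NAME)` before anything else, so once a session object is attached to the request neither `checkFunction` nor the new `fingerprintCookieName` argument is evaluated. The rest of the method is outside the hunk; if it stores the parsed session under that property, as the name suggests, then the first call on a request — through the non-verifying overload or with a different cookie name — decides what every later call on the same request returns, regardless of its own arguments. At minimum this deserves a Javadoc sentence on the method, e.g. `The fingerprint check only runs when the session is first parsed for this request; later calls return the cached result whatever their arguments.`; otherwise the cached value should record whether it was fingerprint-checked and with which cookie name, and be disregarded when a stricter call arrives.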
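Review bot: `private static interface VerifyFingerprintFunction` carries a redundant modifier: a member interface is implicitly static, so `private interface VerifyFingerprintFunction {` is the conventional form and the one Checkstyle's RedundantModifier check expects. The interface also has no Javadoc; since its only call site gates `webSession = webSessionParsed` on the result, a one-liner such as `/** Returns true when the parsed session's fingerprint is acceptable for the cookie named {@code fingerprintCookieName} on {@code request}; false means the parsed session is not used. */` would document the contract for the two implementations.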