Java Code Examples for javax.ws.rs.core.HttpHeaders#getCookies()

The following examples show how to use javax.ws.rs.core.HttpHeaders#getCookies().
Example 1
Source File: JwtAuthenticationService.java    From Alpine with Apache License 2.0
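/**
 * Extracts the raw authorization token from the request, if one is present.
 *
 * <p>The cookie named by {@code AuthorizationTokenCookie.COOKIE_NAME} is checked
 * first; the {@code Authorization: Bearer ...} header is consulted only when no
 * such cookie is found. The value is returned exactly as the client sent it:
 * this method does no signature, expiry or format validation, so callers must
 * treat the result as untrusted until it has been verified.
 *
 * <p>NOTE(review): a token taken from a cookie is attached by the browser
 * automatically. Confirm that endpoints relying on the cookie path have CSRF
 * protection, since the bearer-header path does not share that exposure.
 *
 * @param headers the HttpHeader to inspect to find the Authorization-Token
 *                cookie or Authorization Bearer header
 * @return the token if found, otherwise null
 * @since 1.0.0
 */
private String getAuthorizationToken(final HttpHeaders headers) {
    // Read the cookie map once so the null check and the iteration see the same object.
    final Map<String, Cookie> cookies = headers.getCookies();
    if (cookies != null) {
        for (final Cookie cookie : cookies.values()) {
            // Match on the cookie's own name (not the map key) and tolerate null values
            // in the map instead of failing the whole request.
            if (cookie != null && AuthorizationTokenCookie.COOKIE_NAME.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
    }
    final List<String> header = headers.getRequestHeader("Authorization");
    // An empty list must be handled like a missing header; get(0) on it would throw
    // IndexOutOfBoundsException and turn an unauthenticated request into a server error.
    if (header != null && !header.isEmpty()) {
        // Only the first Authorization value is considered.
        final String bearer = header.get(0);
        // The scheme comparison is case-sensitive: "bearer xyz" is not accepted here.
        if (bearer != null && bearer.startsWith("Bearer ")) {
            return bearer.substring("Bearer ".length());
        }
    }
    return null;
}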
 
Example 2
Source File: HttpHeadersImplTest.java    From cxf with Apache License 2.0
/**
 * Checks that a single Cookie header holding two {@code ;}-separated pairs is
 * parsed into two cookies, and that a value starting with {@code $} is kept
 * as an ordinary value.
 */
@Test
public void testGetCookies() throws Exception {
    final Message message = createMessage(createHeader(HttpHeaders.COOKIE, "a=$b;c=d"));
    final Map<String, Cookie> parsed = new HttpHeadersImpl(message).getCookies();

    assertEquals(2, parsed.size());
    // "$b" is the value of cookie "a"; it must not be taken for a "$"-prefixed attribute.
    assertEquals("$b", parsed.get("a").getValue());
    assertEquals("d", parsed.get("c").getValue());
}
 
Example 3
Source File: HttpHeadersImplTest.java    From cxf with Apache License 2.0
/**
 * Checks that a leading {@code $Version} attribute is applied to the cookie
 * that follows it and is not reported as a cookie of its own.
 */
@Test
public void testGetCookieWithAttributes() throws Exception {
    final Message message = createMessage(createHeader(HttpHeaders.COOKIE, "$Version=1;a=b"));
    final Map<String, Cookie> parsed = new HttpHeadersImpl(message).getCookies();

    // Only "a" counts as a cookie; "$Version" is metadata.
    assertEquals(1, parsed.size());
    final Cookie only = parsed.get("a");
    assertEquals("b", only.getValue());
    assertEquals(1, only.getVersion());
}
 
Example 4
Source File: HttpHeadersImplTest.java    From cxf with Apache License 2.0
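/**
 * Checks that two comma-separated cookie groups, each carrying its own
 * {@code $Version} attribute, are parsed into two cookies that both report
 * version 1.
 */
@Test
public void testGetCookiesWithAttributes() throws Exception {

    Message m = createMessage(createHeader(HttpHeaders.COOKIE, "$Version=1;a=b, $Version=1;c=d"));
    HttpHeaders h = new HttpHeadersImpl(m);
    Map<String, Cookie> cookies = h.getCookies();
    assertEquals(2, cookies.size());
    Cookie cookieA = cookies.get("a");
    assertEquals("b", cookieA.getValue());
    assertEquals(1, cookieA.getVersion());
    Cookie cookieC = cookies.get("c");
    assertEquals("d", cookieC.getValue());
    // Assert on cookieC here: checking cookieA a second time would leave the
    // version of the second cookie untested.
    assertEquals(1, cookieC.getVersion());
}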
 
Example 5
Source File: HttpHeadersImplTest.java    From cxf with Apache License 2.0
/**
 * Checks that setting {@code COOKIE_SEPARATOR_PROPERTY} to {@code ","} on the
 * exchange makes the Cookie header split on commas.
 */
@Test
public void testGetCookiesWithComma() throws Exception {
    final Message message = createMessage(createHeader(HttpHeaders.COOKIE, "a=b,c=d"));

    // The separator is read from the exchange, so the message must be attached to one.
    final Exchange exchange = new ExchangeImpl();
    exchange.setInMessage(message);
    exchange.put(HttpHeadersImpl.COOKIE_SEPARATOR_PROPERTY, ",");
    message.setExchange(exchange);

    final Map<String, Cookie> parsed = new HttpHeadersImpl(message).getCookies();
    assertEquals(2, parsed.size());
    assertEquals("b", parsed.get("a").getValue());
    assertEquals("d", parsed.get("c").getValue());
}
 
Example 6
Source File: HttpHeadersImplTest.java    From cxf with Apache License 2.0
/**
 * Checks that the separator keyword {@code "crlf"} makes a Cookie header
 * containing {@code \r\n} split into two cookies.
 */
@Test
public void testGetCookiesWithCRLF() throws Exception {
    final Message message = createMessage(createHeader(HttpHeaders.COOKIE, "a=b\r\nc=d"));

    // "crlf" is passed as a keyword, not as the literal "\r\n" characters.
    final Exchange exchange = new ExchangeImpl();
    exchange.setInMessage(message);
    exchange.put(HttpHeadersImpl.COOKIE_SEPARATOR_PROPERTY, "crlf");
    message.setExchange(exchange);

    final Map<String, Cookie> parsed = new HttpHeadersImpl(message).getCookies();
    assertEquals(2, parsed.size());
    assertEquals("b", parsed.get("a").getValue());
    assertEquals("d", parsed.get("c").getValue());
}
 
Example 7
Source File: HttpHeadersImplTest.java    From cxf with Apache License 2.0
/**
 * Checks that an unsupported value for {@code COOKIE_SEPARATOR_PROPERTY} is
 * rejected with {@link InternalServerErrorException} and is not used to split
 * the header.
 *
 * <p>NOTE(review): the configured value looks like a regular expression with
 * nested quantifiers. Presumably the implementation refuses arbitrary patterns
 * so that client-supplied Cookie headers are never split with an expensive
 * expression; confirm against HttpHeadersImpl.
 */
@Test(expected = InternalServerErrorException.class)
public void testInvalidCookieSeparator() throws Exception {
    final Message message = createMessage(createHeader(HttpHeaders.COOKIE, "a=b,c=d"));

    final Exchange exchange = new ExchangeImpl();
    exchange.setInMessage(message);
    exchange.put(HttpHeadersImpl.COOKIE_SEPARATOR_PROPERTY, "(e+)+");
    message.setExchange(exchange);

    // Expected to throw; no assertions follow.
    final HttpHeaders parsedHeaders = new HttpHeadersImpl(message);
    parsedHeaders.getCookies();
}
 
Example 8
Source File: AbstractServiceProviderFilter.java    From cxf with Apache License 2.0
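/**
 * Decides whether the request carries a usable, previously established SSO
 * security context and, if so, installs it on the message.
 *
 * <p>Steps, in order: look up the security-context cookie, resolve it to a
 * stored {@code ResponseState}, compare the relay-state cookie with the stored
 * relay state (skipped when unsolicited responses are supported), then parse
 * the stored assertion and set the security context. Every failure path
 * returns {@code false} without installing a context.
 *
 * @param m the current inbound message
 * @return {@code true} if a security context was set, {@code false} otherwise
 */
protected boolean checkSecurityContext(Message m) {
    HttpHeaders headers = new HttpHeadersImpl(m);
    Map<String, Cookie> cookies = headers.getCookies();

    // May be null when the client sent no such cookie. It is passed on as-is;
    // presumably getValidResponseState rejects null — confirm.
    Cookie securityContextCookie = cookies.get(SSOConstants.SECURITY_CONTEXT_TOKEN);

    ResponseState responseState = getValidResponseState(securityContextCookie, m);
    if (responseState == null) {
        return false;
    }

    if (!isSupportUnsolicited()) {
        Cookie relayStateCookie = cookies.get(SSOConstants.RELAY_STATE);
        if (relayStateCookie == null) {
            reportError("MISSING_RELAY_COOKIE");
            return false;
        }
        String originalRelayState = responseState.getRelayState();
        // Fail closed: a stored state without a relay state is rejected here rather
        // than dereferenced, so the request ends in a clean denial, not an NPE.
        if (originalRelayState == null
            || !originalRelayState.equals(relayStateCookie.getValue())) {
            // perhaps the response state should also be removed
            reportError("INVALID_RELAY_STATE");
            return false;
        }
    }
    try {
        // The assertion is read from the stored response state, not from the request.
        String assertion = responseState.getAssertion();
        SamlAssertionWrapper assertionWrapper =
            new SamlAssertionWrapper(
                StaxUtils.read(new StringReader(assertion)).getDocumentElement());
        setSecurityContext(m, assertionWrapper);
    } catch (Exception ex) {
        // Any parsing or context failure is a denial. The cause is not logged here;
        // NOTE(review): confirm reportError records enough to diagnose it.
        reportError("INVALID_RESPONSE_STATE");
        return false;
    }
    return true;
}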
 
Example 9
Source File: AbstractServiceProviderFilter.java    From cxf-fediz with Apache License 2.0
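/**
 * Decides whether the request carries a usable, previously established
 * federation security context and, if so, installs it on the message.
 *
 * <p>Steps, in order: look up the security-context cookie, resolve it to a
 * stored {@code ResponseState}, and, when request-state validation is enabled,
 * require the state cookie to equal the stored state and the request's state
 * parameter (if present) to equal it as well. The stored assertion is then
 * parsed and the security context set.
 *
 * @param fedConfig the federation configuration for this request
 * @param m the current inbound message
 * @param params the request parameters from which the state value is read
 * @return {@code true} if a security context was set, {@code false} otherwise
 */
protected boolean checkSecurityContext(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
    HttpHeaders headers = new HttpHeadersImpl(m);
    Map<String, Cookie> cookies = headers.getCookies();

    // May be null when the client sent no such cookie. It is passed on as-is;
    // presumably getValidResponseState rejects null — confirm.
    Cookie securityContextCookie = cookies.get(SECURITY_CONTEXT_TOKEN);

    ResponseState responseState = getValidResponseState(securityContextCookie, fedConfig, m);
    if (responseState == null) {
        return false;
    }

    Cookie relayStateCookie = cookies.get(SECURITY_CONTEXT_STATE);
    if (fedConfig.isRequestStateValidation()) {
        if (relayStateCookie == null) {
            reportError("MISSING_RELAY_COOKIE");
            return false;
        }
        String originalRelayState = responseState.getState();
        // Fail closed: a stored response state without a state value is rejected here
        // rather than dereferenced, so the request ends in a clean denial, not an NPE.
        if (originalRelayState == null
            || !originalRelayState.equals(relayStateCookie.getValue())) {
            // perhaps the response state should also be removed
            reportError("INVALID_RELAY_STATE");
            return false;
        }

        // Check to see if a CSRF-style attack is being mounted
        // This comparison runs only when the request carries a state parameter; a
        // request without one relies on the cookie check above alone.
        // NOTE(review): confirm that skipping the check is intended in that case.
        String state = getState(fedConfig, params);
        if (state != null && !state.equals(originalRelayState)) {
            LOG.error("wctx parameter does not match stored value");
            throw ExceptionUtils.toForbiddenException(null, null);
        }
    }

    // Create SecurityContext
    try {
        // The assertion is read from the stored response state, not from the request.
        Element token =
            StaxUtils.read(new StringReader(responseState.getAssertion())).getDocumentElement();
        setSecurityContext(responseState, m, token);
    } catch (Exception ex) {
        // Any parsing or context failure is a denial. The cause is not logged here;
        // NOTE(review): confirm reportError records enough to diagnose it.
        reportError("INVALID_RESPONSE_STATE");
        return false;
    }

    return true;
}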