Add a new concept of "signer" in order to delegate the process of coo…
…kie signing and cookie signature verification. The cookie filter will no longer do this work itself, but delegates signing and signature verification to its injected signer. Create a DefaultCookieSigner component which uses the existing SignatureKey in order to stay compatible with previous releases. The DefaultCookieSigner gets the signature key by dependency injection and uses the HMAC-SHA1 algorithm (defined in the Crypto class) to sign the cookie.
Showing
5 changed files
with
117 additions
and
47 deletions.
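--- a/restx-core/src/main/java/restx/security/DefaultCookieSigner.java
+++ b/restx-core/src/main/java/restx/security/DefaultCookieSigner.java
@@ -0,0 +1,33 @@
+package restx.security;
+
+import javax.inject.Named;
+
+import com.google.common.base.Optional;
+
+import restx.common.Crypto;
+import restx.factory.Component;
+
+/**
+ * Default cookie signer, using HMAC-SHA1 algorithm to sign the cookie.
+ *
+ * @author apeyrard
+ */
+@Component
+@Named(RestxSessionCookieFilter.COOKIE_SIGNER_NAME)
+public class DefaultCookieSigner implements Signer {
+private final SignatureKey signatureKey;
+
+public DefaultCookieSigner(Optional<SignatureKey> signatureKey) {
+this.signatureKey = signatureKey.or(SignatureKey.DEFAULT);
+}
+
+@Override
+public String sign(String cookie) {
+return Crypto.sign(cookie, signatureKey.getKey());
+}
+
+@Override
+public boolean verify(String cookie, String signedCookie) {
+return sign(cookie).equals(signedCookie);
+}
+}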
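Review bot: `verify` compares the freshly computed HMAC against the attacker-supplied value with `String.equals`, which returns at the first differing character and so leaks, through timing, how much of a forged signature is correct. A constant-time comparison is the standard mitigation here: `if (signedCookie == null) { return false; }` followed by `return MessageDigest.isEqual(sign(cookie).getBytes(StandardCharsets.UTF_8), signedCookie.getBytes(StandardCharsets.UTF_8));`, with `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. The null guard is needed because `getBytes` would throw where `equals(null)` merely returned false. Separately, the constructor falls back to `SignatureKey.DEFAULT` when no key is injected; its value is not visible in this commit, but if it is a fixed built-in key, every deployment that forgets to configure one signs cookies with a key anyone reading the source knows, so a class-level Javadoc line such as `Falls back to SignatureKey.DEFAULT when no key is configured; production deployments must provide their own SignatureKey.` would make that trade-off explicit.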
@@ -0,0 +1,24 @@ | ||
package restx.security; | ||
|
||
/** | ||
* Permits to sign and verify messages. | ||
* | ||
* @author apeyrard | ||
*/ | ||
public interface Signer { | ||
|
||
/** | ||
* Sign the specified message. | ||
* @param message The message to sign. | ||
* @return The signed message. | ||
*/ | ||
String sign(String message); | ||
|
||
/** | ||
* Verify if the specified message correspond to the signed one. | ||
* @param message The message to verify. | ||
* @param signedMessage The signed message. | ||
* @return True if the message is corresponding to the signed message, false otherwise. | ||
*/ | ||
boolean verify(String message, String signedMessage); | ||
} |
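Review bot: The Javadoc for `sign` says it returns "The signed message", and the `signedMessage` parameter of `verify` is documented the same way, but the only implementation in this commit (`DefaultCookieSigner`) returns the bare signature from `Crypto.sign` and compares it against the supplied value, not a message-plus-signature. Since this interface is the contract other signers will implement, the wording should pin that down: `@return The signature of the message, as a string suitable for storage alongside the message.` on `sign`, and `@param signedMessage The signature previously returned by {@link #sign(String)} for the message.` on `verify`. It would also be worth stating in the `verify` Javadoc that implementations are expected to compare in constant time, since this is the method that will be called with attacker-controlled input.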