Add session to both header and cookie, possibility to authenticate with token (#151)

Christoffer-Cortes · web-flow · commit 0bc8825cd239 · 2018-08-14T14:50:08.000+02:00
diff --git a/src/main/java/com/ericsson/ei/config/HeaderAndCookieHttpSessionIdResolver.java b/src/main/java/com/ericsson/ei/config/HeaderAndCookieHttpSessionIdResolver.java
@@ -0,0 +1,44 @@
+package com.ericsson.ei.config;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.session.web.http.CookieSerializer;
+import org.springframework.session.web.http.CookieSerializer.CookieValue;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+import org.springframework.session.web.http.HttpSessionIdResolver;
+
+public final class HeaderAndCookieHttpSessionIdResolver implements HttpSessionIdResolver {
+
+    private static final String X_AUTH_TOKEN = "X-Auth-Token";
+    private static final String WRITTEN_SESSION_ID_ATTR = HeaderAndCookieHttpSessionIdResolver.class.getName()
+            .concat(".WRITTEN_SESSION_ID_ATTR");
+
+    private CookieSerializer cookieSerializer = new DefaultCookieSerializer();
+
+    @Override
+    public List<String> resolveSessionIds(HttpServletRequest request) {
+        String headerValue = request.getHeader(X_AUTH_TOKEN);
+        return (headerValue != null ? Collections.singletonList(headerValue)
+                : this.cookieSerializer.readCookieValues(request));
+    }
+
+    @Override
+    public void setSessionId(HttpServletRequest request, HttpServletResponse response, String sessionId) {
+        response.setHeader(X_AUTH_TOKEN, sessionId);
+        if (sessionId.equals(request.getAttribute(WRITTEN_SESSION_ID_ATTR))) {
+            return;
+        }
+        request.setAttribute(WRITTEN_SESSION_ID_ATTR, sessionId);
+        this.cookieSerializer.writeCookieValue(new CookieValue(request, response, sessionId));
+    }
+
+    @Override
+    public void expireSession(HttpServletRequest request, HttpServletResponse response) {
+        response.setHeader(X_AUTH_TOKEN, "");
+        this.cookieSerializer.writeCookieValue(new CookieValue(request, response, ""));
+    }
+}
diff --git a/src/main/java/com/ericsson/ei/config/HttpSessionConfig.java b/src/main/java/com/ericsson/ei/config/HttpSessionConfig.java
@@ -7,6 +7,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.session.data.mongo.MongoOperationsSessionRepository;
 import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
+import org.springframework.session.web.http.HttpSessionIdResolver;
 
 @EnableMongoHttpSession()
 public class HttpSessionConfig {
@@ -28,5 +29,9 @@ public MongoOperationsSessionRepository mongoSessionRepository(MongoOperations m
     public static String getCurrentUser() {
         return SecurityContextHolder.getContext().getAuthentication().getName();
     }
-
+    
+    @Bean
+    public HttpSessionIdResolver httpSessionIdResolver() {
+        return new HeaderAndCookieHttpSessionIdResolver(); 
+    }
 }
