Can not access cookie on one endpoint, but can on other - java

I need your help on this matter. It looks like I have the Schrodinger's cookie!
I am using Spring Boot with Java. I can successfully create the cookie like this:
public String createNewCookie(HttpServletResponse response) {
// create a cookie
String newToken = AccountsService.generateRandomCode(6);
Cookie cookie = new Cookie("clrToken", newToken);
cookie.setMaxAge(10 * 365 * 24 * 60 * 60); // expires in 10 years
cookie.setSecure(true);
cookie.setHttpOnly(true);
//add cookie to response
response.addCookie(cookie);
return newToken;
}
I can easily fetch created cookie and read its value (token) in one of my controllers like this:
#PostMapping(value = "/public/save",
produces = MediaType.APPLICATION_JSON_VALUE)
#Operation(summary = "Save new affiliate click into database")
public ResponseEntity<AffiliateClickDto> saveAffiliateClick
(#RequestParam Long serviceId,
#CookieValue(value = "clrToken", defaultValue = "") final String token) {
return new ResponseEntity<>(affiliateClickService.saveAffiliateClick(serviceId, token), HttpStatus.OK);
}
But I can not fetch that same cookie from another endpoint in my other controller.
#GetMapping(value = "/public/servicesByFilters",
produces = MediaType.APPLICATION_JSON_VALUE)
#Operation(summary = "Get all Providers Services for filters")
public ResponseEntity<List<ServiceResultPageDTO>> getAllProvidersServicesForFilters
(#RequestParam final Map<String, String> params,
#CookieValue(value = "clrToken", defaultValue = "") final String token) {
return new ResponseEntity<>(services.getAllProvidersServiceForFilters(params, token), HttpStatus.OK);
}
I get an empty String for The String token parameter value.
I allso tried to use the loop to iterate through cookies, but I do not get my "clrToken" at this second endpoint. I can access some other cookies.
public String readAllCookies(HttpServletRequest request) {
String token="";
Cookie[] cookies = request.getCookies();
for (Cookie c : cookies) {
if (Objects.equals(c.getName(), "clrToken")) {
token = c.getValue();
break;
}
}
return token;
}
Who eat my cookie??? :D Does anyone have idea what is happening here? If you need some other info, please ask.

Related

How to get Access Token from Keycloak over SpringBoot?

I'm trying to get an Access Token from Keycloak over SpringBoot and did try the following example. But the KeycloakAuthenticationToken token is null.
Does someone know another approach to get an Access Token?
#GetMapping("/token")
public String getToken(HttpServletRequest request) throws IOException {
KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal();
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext();
KeycloakSecurityContext context = token.getAccount().getKeycloakSecurityContext();
String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getToken());
String idTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getIdToken());
RefreshToken refreshToken;
try {
refreshToken = new JWSInput(session.getRefreshToken()).readJsonContent(RefreshToken.class);
} catch (JWSInputException e) {
throw new IOException(e);
}
String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken);
return refreshTokenPretty;
}
Seems like I can get a token like this with ('org.keycloak:keycloak-admin-client'):
Keycloak keycloak = KeycloakBuilder.builder() //
.serverUrl(serverUrl) //
.realm(realm) //
.grantType(OAuth2Constants.PASSWORD) //
.clientId(clientId) //
.clientSecret(clientSecret) //
.username(userName) //
.password(password) //
.build();
AccessTokenResponse tok = keycloak.tokenManager().getAccessToken();
If someone knows a more elegant way, I would appreciate if you let me know :)
Thanks in advance!
Try the following:
HttpEntity<MultiValueMap<String, String>> request =
new TokenRequest.Builder(clientID, OAuth2Constants.PASSWORD)
.add("username", userName)
.add("password", password)
.build();
ResponseEntity<String> response = restTemplate.postForEntity( postUrl, request , String.class );
return response.getBody();
and the helper class:
public class TokenRequest {
public static class Builder{
MultiValueMap<String, String> data;
public Builder(String clientID, String grant_type){
data = new LinkedMultiValueMap<>();
data.put("client_id", Collections.singletonList(clientID));
data.put("grant_type", Collections.singletonList(grant_type));
}
public Builder add(String key, String value){
data.put(key, Collections.singletonList(value));
return this;
}
public HttpEntity<MultiValueMap<String, String>> build(){
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
return new HttpEntity<>(data, headers);
}
}
private TokenRequest(){
}
}
Try this:
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
KeycloakAuthenticationToken keycloakAuthenticationToken = (KeycloakAuthenticationToken) request.getUserPrincipal();
KeycloakPrincipal<KeycloakSecurityContext> principal = (KeycloakPrincipal) keycloakAuthenticationToken.getPrincipal();
String token = principal.getKeycloakSecurityContext().getIdTokenString();

add Authorization token using Feign client

I have two service connected to a registry, one of them need to query some data from the other, the token need to be passed to the endpoint.
I Have tried the following but it didn't work, the endpoint act as if no token is provided.
#GetMapping("/api/users/find")
#Headers("Authorization: Bearer {token}")
Optional<UserDTO> findUserByEmail(
#Param("token") String token, #RequestParam("email") String email);
#GetMapping("/api/users/find")
Optional<UserDTO> findUserByEmail(
#RequestHeaders("Authorization") String token, #RequestParam("email") String email);
#GetMapping("/api/users/find")
Optional<UserDTO> findUserByEmail(
#HeaderMap Map<String, Object> headers , #RequestParam("email") String email);
Should work lke this #RequestHeader(value = "Authorization") String authorization, but make sure you pass the right value, must be something like Bearer token.
Your this code is absolutely correct.
#GetMapping("/api/users/find")
Optional<UserDTO> findUserByEmail(
#RequestHeaders("Authorization") String token, #RequestParam("email") String email);
Just when you are calling this particular method add "Bearer " in front of the value of the token
token = "Bearer " + token;
findUserByEmail(token,email);
Create Header like this and pass to your feign client
private HttpHeaders getHeaders(final HttpServletRequest httpServletRequest) {
final HttpHeaders headers = new HttpHeaders();
headers.add("authorization", httpServletRequest.getHeader("authorization"));
return headers;
Example 1
Or very simple add intercepter
#Component
public class AuthFeignInterceptor implements RequestInterceptor {
#Override
public void apply(RequestTemplate template) {
final RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
if (requestAttributes != null) {
final HttpServletRequest httpServletRequest = ((ServletRequestAttributes) requestAttributes).getRequest();
template.header(HttpHeaders.AUTHORIZATION, httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION));
}
}
}
Example 2

Cannot redirect after facebook login using response entity in spring boot

Ok, so I am trying to achieve facebook authentication in my application but after success user is not redirected to homepage even though location header is set.
This is my current scenario.
Front-End call:
#GetMapping(value = "/login/facebook")
public String loginFacebook() {
String facebookLoginUrl = String.valueOf(this.restTemplate.getForEntity(this.serverApi + "/login/facebook",String.class).getHeaders().get("Location"));
facebookLoginUrl = facebookLoginUrl.substring(1,facebookLoginUrl.length()-1);
System.out.println(facebookLoginUrl);
return "redirect:" + facebookLoginUrl;
}
Back-End:
#RequestMapping(value = "/login/facebook", method = RequestMethod.GET)
public String startFacebookProcess() {
this.facebookConnectionFactory = new FacebookConnectionFactory(appId,appSecret);
OAuth2Operations operations = this.facebookConnectionFactory.getOAuthOperations();
OAuth2Parameters parameters = new OAuth2Parameters();
// promeni url-a za front-enda
parameters.setRedirectUri("http://localhost:8080/login/returnFromFacebook");
parameters.setScope(this.scope);
System.out.println("In startFacebookProcess");
String url = operations.buildAuthorizeUrl(parameters);
System.out.println(url);
return "redirect:" + url;
}
After that, the user is being redirected to the official facebook login page where he allows his details to be used.
Then he performs a GET request to my Front-End with his authorization code:
#GetMapping(value = "/login/returnFromFacebook")
public ResponseEntity getFacebookData(#RequestParam("code") String authorizationCode){
System.out.println(authorizationCode);
ResponseEntity response = this.restTemplate.getForEntity(this.serverApi +
"/login/returnFromFacebook?code=" + authorizationCode, ResponseEntity.class);
if(response.getStatusCode().is2xxSuccessful()){
return response;
}
return new ResponseEntity(HttpStatus.CONFLICT);
}
My Back-End is being called and I contact facebook to fetch the user data using his authorization code. Then I return a ResponseEntity which inherited all the HttpServletResponse headers and cookies.
#RequestMapping(value = "/login/returnFromFacebook", method = RequestMethod.GET)
public ResponseEntity getDataFromFacebook(#RequestParam("code") String authorizationCode,
HttpServletResponse response) throws IOException {
// leg 2
OAuth2Operations operations = this.facebookConnectionFactory.getOAuthOperations();
AccessGrant accessGrant = operations.exchangeForAccess(authorizationCode,
"http://localhost:8080/login/returnFromFacebook",null);
// leg 3
System.out.println("code: " + authorizationCode);
Connection<Facebook> connection = this.facebookConnectionFactory.createConnection(accessGrant);
User currentUser = connection.getApi().fetchObject("me", User.class,"email,first_name,last_name");
System.out.println("Email: " + currentUser.getEmail());
if(this.appUserDAO.findUserAccountByEmail(currentUser.getEmail()) == null){
Map<String, String> facebookDetailsMap = new LinkedHashMap<>();
facebookDetailsMap.put("email",currentUser.getEmail());
facebookDetailsMap.put("name",currentUser.getFirstName() + " " + currentUser.getLastName());
this.appUserDAO.saveFacebookAccount(facebookDetailsMap);
}
// Create JWT Token
String token = JWT.create()
.withSubject(currentUser.getEmail())
.withExpiresAt(new Date(System.currentTimeMillis() + JwtProperties.EXPIRATION_TIME))
.sign(HMAC512(JwtProperties.SECRET.getBytes()));
JwtAuthenticationFilter.setJwtCookie(response,token);
System.out.println(response.getStatus() + " " + response.getHeader("set-cookie"));
response.setHeader("Location", "http://localhost:8080/");
// HttpHeaders headers = new HttpHeaders();
// headers.add(index");
return new ResponseEntity<>(HttpStatus.CREATED);
}
This is the received response header in the browser. The cookies are set and everything but user is not being redirected to Location header. :
I tried to return a String "redirect:/" from GetFacebookData(Front-End) but the response cookies and headers are not being applied. I don't know why the Location header is not working.
I fixed it by returning the 'index' template if the back-end call was sucessful but also apply the cookie header into the original response (which was to the front-end) using HttpServletResponse (this is not possible with ResponseEntity btw). With HttpServletResponse you dont have to return it to the browser, it applies everything by default. With ResponseEntity you have to return ResponseEntity Object in order to apply headers. This is how the function looks like now:
#GetMapping(value = "/login/returnFromFacebook")
public String getFacebookData(#RequestParam("code") String authorizationCode, HttpServletResponse httpServletResponse) throws IOException {
System.out.println(authorizationCode);
ResponseEntity response = this.restTemplate.getForEntity(this.serverApi +
"/login/returnFromFacebook?code=" + authorizationCode, ResponseEntity.class);
System.out.println(response.getStatusCodeValue() + " " + response.getHeaders().get("Location"));
//set cookie for original request
String jwtCookieHeader = String.valueOf(response.getHeaders().get("set-cookie"));
jwtCookieHeader = jwtCookieHeader.substring(1,jwtCookieHeader.length()-1);
httpServletResponse.setHeader("set-cookie", jwtCookieHeader);
if(response.getStatusCode().is2xxSuccessful()){
return "redirect:/";
}
return String.valueOf(new ResponseEntity(HttpStatus.CONFLICT));
}

Java Spring rest return unauthorized json

Currently have a java spring application in development. It utilizes a ui along with restful apis which send/receive json via post requests.
Each api request needs to be validated with a token which will be sent with the request. This action is completed and a boolean is returned. Now the problem is when the boolean value is false(token not valid) I need to return a 401 error to the end user. Currently I am returning List which is being converted to json. How can I return some 401 error to the end user.
Example
//done
#RequestMapping(value = "/getSomething"
, method = RequestMethod.POST
, consumes = "application/json"
, produces = "application/json")
#ResponseBody
public List<Obj> getSomething(#RequestBody Input f) {
DAOImpl dAOImpl = (MapDAOImpl) appContext.getBean("DAOImpl");
Boolean res = dAOImpl.validateToken(f.session);
if(res) {
List<Obj> response = dAOImpl.getSomething(f.ID);
return response;
} else {
return new ResponseEntity<String>("test", HttpStatus.UNAUTHORIZED);
}
}
You just need to change your return type to ResponseEntity.
#RequestMapping(value = "/getSomething"
, method = RequestMethod.POST
, consumes = "application/json"
, produces = "application/json")
#ResponseBody
public ResponseEntity<?> getSomething(#RequestBody Input f) {
DAOImpl dAOImpl = (MapDAOImpl) appContext.getBean("DAOImpl");
Boolean res = dAOImpl.validateToken(f.session);
if(res) {
List<Obj> response = dAOImpl.getSomething(f.ID);
return new ResponseEntity<>(response, HttpStatus.OK);
}
return new ResponseEntity<String>("Unauthorized", HttpStatus.UNAUTHORIZED);
}
Note : I would recommend to pass proper JSON in error response so that client can parse and use if required.

How to ajax in spring mvc and tile

Is there any way integrate ajax in spring mvc and apache tile. For me, when sent the request to controller and after that send back to view, the data can not pass through tile config.
Help me please. Thanks
I do this all the time. What i do is, instead of sending back a "View" string or "ModelAndView" object, return an object of type ResponseEntity.
For instance, in your controller class, you can have a method like:
#RequestMapping(value="/cache/clear", method = RequestMethod.GET)
public ResponseEntity<String> clearAllCaches() {
Map<String, Object> results = new HashMap<String, Object>();
long startTimestamp = System.currentTimeMillis();
for (CachingService cachingService : cachingServices) {
LOGGER.info("Clearing caches in " + cachingService.getClass().getSimpleName());
cachingService.clearCache();
}
long finishTimestamp = System.currentTimeMillis();
long executionTime = finishTimestamp - startTimestamp;
LOGGER.warn("Finished clearing caches in " + cachingServices.size() + " services in " + executionTime + " ms.");
results.put("executionTime", executionTime);
results.put("serviceCount", cachingServices.size());
results.put(ServiceConstants.RETURN_KEY_SUCCESS, Boolean.TRUE);
return createResponse(results, HttpStatus.CREATED);
}
protected ResponseEntity<String> createResponse(Map <String, Object> results, HttpStatus successCode) {
JSONSerializer serializer = new JSONSerializer();
String responseBody = serializer.deepSerialize(results);
HttpStatus status = successCode;
boolean success = results.containsKey(ServiceConstants.RETURN_KEY_SUCCESS)
? (Boolean)results.get(ServiceConstants.RETURN_KEY_SUCCESS)
: false;
if (!success) {
status = HttpStatus.BAD_REQUEST;
}
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.setContentLength(responseBody.length());
headers.add("Access-Control-Allow-Origin", "*");
return new ResponseEntity<String>(responseBody, headers, status);
}
Note that I'm using FlexJSON as I'm using Spring Roo. You could also manually invoke Jackson.
i solve my problem by annotation #ResponseBody to send string back to ajax page.
public #ResponseBody
String test() {
List<User> users = userDetailsService.test();
for (User user : users) {
System.out.println(user);
}
return "1";
}

Categories