1 Commits

Author SHA1 Message Date
2e395cf215 Removes Session From OAuth2 2024-11-06 21:22:06 -03:00
4 changed files with 38 additions and 19 deletions

2
.gitignore vendored

@@ -32,7 +32,7 @@ build/
### VS Code ### ### VS Code ###
.vscode/ .vscode/
src/main/resources/application-devel.yml src/main/resources/*-devel.yml
### Maven ### ### Maven ###
target/ target/


@@ -0,0 +1,18 @@
package br.com.hideyoshi.auth.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.repository.configuration.EnableRedisRepositories;
@Configuration
@EnableRedisRepositories
public class RedisConfig {
@Bean
public RedisTemplate<?, ?> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
RedisTemplate<byte[], byte[]> template = new RedisTemplate<byte[], byte[]>();
template.setConnectionFactory(redisConnectionFactory);
return template;
}
}
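Review bot: The template is created without any serializer configuration, so it falls back to RedisTemplate's default JDK serialization for keys and values, and every authorization request read back from Redis goes through Java-native deserialization. That makes the Redis instance part of the trust boundary of the auth service: it should be authenticated and network-restricted, or the values should use an explicit non-native serializer. The bean is also declared `RedisTemplate<?, ?>` and instantiated as `RedisTemplate<byte[], byte[]>`, while the repository in this commit injects `RedisTemplate<String, OAuth2AuthorizationRequest>`. Declaring the bean with the types actually used and adding `template.setKeySerializer(new StringRedisSerializer());` would keep the generics honest and store the keys as plain `state_…` strings.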


@@ -1,6 +1,8 @@
package br.com.hideyoshi.auth.security.oauth2.repository; package br.com.hideyoshi.auth.security.oauth2.repository;
import lombok.RequiredArgsConstructor;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.stereotype.Repository; import org.springframework.stereotype.Repository;
@@ -11,11 +13,13 @@ import java.util.Objects;
@Log4j2 @Log4j2
@Repository @Repository
@RequiredArgsConstructor
public class OAuthRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> { public class OAuthRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
private final RedisTemplate<String, OAuth2AuthorizationRequest> template;
@Override @Override
public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) { public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
String state = request.getParameter("state"); String state = request.getParameter("state");
if (Objects.nonNull(state)) { if (Objects.nonNull(state)) {
return removeAuthorizationRequest(request); return removeAuthorizationRequest(request);
@@ -25,14 +29,7 @@ public class OAuthRequestRepository implements AuthorizationRequestRepository<OA
@Override @Override
public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, HttpServletResponse response) { public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, HttpServletResponse response) {
this.saveAuthorizationRequest(authorizationRequest);
String state = authorizationRequest.getState();
request.getSession().setAttribute(
String.format("state_%s", state),
authorizationRequest
);
} }
@Override @Override
@@ -42,26 +39,29 @@ public class OAuthRequestRepository implements AuthorizationRequestRepository<OA
OAuth2AuthorizationRequest authorizationRequest = null; OAuth2AuthorizationRequest authorizationRequest = null;
if (Objects.nonNull(state)) { if (Objects.nonNull(state)) {
authorizationRequest = this.getAuthorizationRequestFromSession(request, state); authorizationRequest = this.getAuthorizationRequestFromSession(state);
} }
if (Objects.nonNull(authorizationRequest)) { if (Objects.nonNull(authorizationRequest)) {
removeAuthorizationRequestFromSession(request, state); removeAuthorizationRequestFromSession(state);
return authorizationRequest; return authorizationRequest;
} }
return null; return null;
} }
private OAuth2AuthorizationRequest getAuthorizationRequestFromSession(HttpServletRequest request, String state) { private void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest) {
return (OAuth2AuthorizationRequest) request.getSession().getAttribute( this.template.opsForValue().set(
String.format("state_%s", state) String.format("state_%s", authorizationRequest.getState()),
authorizationRequest
); );
} }
private void removeAuthorizationRequestFromSession(HttpServletRequest request, String state) { private OAuth2AuthorizationRequest getAuthorizationRequestFromSession(String state) {
request.getSession().removeAttribute( return this.template.opsForValue().get(String.format("state_%s", state));
String.format("state_%s", state) }
);
private void removeAuthorizationRequestFromSession(String state) {
this.template.delete(String.format("state_%s", state));
} }
} }
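Review bot: Moving the stored request from the HTTP session to a Redis key derived only from `state` drops the binding between the browser that started the login and the one that completes it. `getAuthorizationRequestFromSession(state)` now succeeds for any caller presenting a known state value, which is the login-CSRF case the `state` parameter exists to prevent. Consider tying the entry to the user agent, for example with a short-lived `HttpOnly`/`Secure` cookie holding a random value that is set in `saveAuthorizationRequest(...)` and compared in `removeAuthorizationRequest(...)`; that method begins above the visible hunk, so the exact placement needs checking. The entry is also written with no expiry, so abandoned logins stay in Redis where the session used to time them out; `this.template.opsForValue().set(key, authorizationRequest, Duration.ofMinutes(5));` (five minutes is only an example value) would bound both storage and the window in which a state is accepted. Finally, the read and the `delete` are separate calls, so two concurrent callbacks with the same state can both obtain the request; a single get-and-delete operation would close that gap.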


@@ -20,6 +20,7 @@ server:
session: session:
cookie: cookie:
same-site: none same-site: none
secure: true
port: ${PORT} port: ${PORT}
spring: spring: