src/de/uhilger/httpserver/auth/handler/ApiLoginHandler.java
src/de/uhilger/httpserver/auth/handler/FormLoginHandler.java
src/de/uhilger/httpserver/auth/handler/LoginHandler.java
src/de/uhilger/httpserver/auth/handler/LogoutHandler.java
src/de/uhilger/httpserver/auth/handler/ApiLoginHandler.java
@@ -22,6 +22,7 @@ import com.sun.net.httpserver.HttpExchange; import de.uhilger.httpserver.auth.ApiAuthenticator; import de.uhilger.httpserver.auth.realm.User; import de.uhilger.httpserver.base.handler.HttpHelper; import de.uhilger.httpserver.base.handler.HttpResponder; import java.io.IOException; import java.util.logging.Logger; @@ -59,7 +60,7 @@ {"name": "fred", "password": "secret"} das kann wie folgt gelesen werden */ String body = bodyLesen(exchange); String body = new HttpHelper().bodyLesen(exchange); Gson gson = new Gson(); User user = gson.fromJson(body, User.class); return user; src/de/uhilger/httpserver/auth/handler/FormLoginHandler.java
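Review bot: In ApiLoginHandler, `gson.fromJson(body, User.class)` returns null for an empty request body and throws the unchecked `JsonSyntaxException` for malformed JSON, and neither case is handled before `return user;`. LoginHandler.handle then calls `nutzer.getName()` on the result without a null check, so an unauthenticated request with an empty body ends in a NullPointerException rather than a rejected login. I would add `if (user == null) { throw new IOException("login body is empty"); }` before the return and convert `JsonSyntaxException` the same way. The enclosing method (presumably `getUser`) starts outside the hunk, so its `throws` clause should be confirmed.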
@@ -23,6 +23,7 @@ import de.uhilger.httpserver.auth.FormAuthenticator; import de.uhilger.httpserver.auth.TokenAuthenticator; import de.uhilger.httpserver.auth.realm.User; import de.uhilger.httpserver.base.handler.HttpHelper; import de.uhilger.httpserver.base.handler.HttpResponder; import java.io.IOException; import java.util.HashMap; @@ -152,7 +153,7 @@ @Override protected User getUser(HttpExchange exchange) throws IOException { String body = bodyLesen(exchange); String body = new HttpHelper().bodyLesen(exchange); String[] nameWertPaare = body.split(TokenAuthenticator.STR_AMP); HashMap<String, String> werte = new HashMap(); for (String nameWert : nameWertPaare) { src/de/uhilger/httpserver/auth/handler/LoginHandler.java
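Review bot: `new HashMap()` in FormLoginHandler's `getUser` is a raw type assigned to `HashMap<String, String>`; write `HashMap<String, String> werte = new HashMap<>();` so the compiler keeps checking the element types. The loop over `nameWertPaare` continues outside the hunk, so it is not visible whether names and values are URL-decoded after the split. If they are not, a password containing `&`, `=`, `+` or a percent-encoded character will be compared in its encoded form and will not match what the user typed.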
@@ -24,10 +24,7 @@ import com.sun.net.httpserver.HttpHandler; import de.uhilger.httpserver.auth.TokenAuthenticator; import de.uhilger.httpserver.auth.realm.User; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Locale; @@ -42,7 +39,7 @@ /* Der Logger fuer diesen JWTLoginHandler */ //private static final Logger logger = Logger.getLogger(LoginHandler.class.getName()); public static final String ATTR_JWT_AUTH = "jwtauth"; public static final String ATTR_AUTHENTICATOR = "authenticator"; //protected String ctx; @@ -65,12 +62,12 @@ public void handle(HttpExchange exchange) throws IOException { User nutzer = getUser(exchange); HttpContext context = exchange.getHttpContext(); Object o = context.getAttributes().get(ATTR_JWT_AUTH); Object o = context.getAttributes().get(ATTR_AUTHENTICATOR); if (o instanceof TokenAuthenticator) { TokenAuthenticator jwtAuth = (TokenAuthenticator) o; String token = jwtAuth.anmelden(nutzer.getName(), nutzer.getPassword()); TokenAuthenticator auth = (TokenAuthenticator) o; String token = auth.anmelden(nutzer.getName(), nutzer.getPassword()); if (token != null) { loginResponse(exchange, jwtAuth, token); loginResponse(exchange, auth, token); } else { // Nutzer und Kennwort passen nicht } @@ -81,7 +78,7 @@ protected void setAuthenticatedHeader(HttpExchange exchange, Authenticator auth, String token) { if(auth instanceof TokenAuthenticator) { TokenAuthenticator jwtAuth = (TokenAuthenticator) auth; TokenAuthenticator tAuth = (TokenAuthenticator) auth; // angemeldet, Token als Antwort zurueckgeben Headers respHeaders = exchange.getResponseHeaders(); // JWT=[cookie-inhalt]; Expires=Thu, 21 Oct 2021 07:28:00 GMT; Secure; HttpOnly 
@@ -89,7 +86,7 @@ new SimpleDateFormat(TokenAuthenticator.HEADER_DATE_PATTERN, Locale.US); Date exp = Date.from(new Date().toInstant().plusSeconds(TokenAuthenticator.TOKEN_EXPIRATION)); respHeaders.add(TokenAuthenticator.SET_COOKIE_HEADER, jwtAuth.cookieBilden(TokenAuthenticator.JWT_INDICATOR, token, exp)); tAuth.cookieBilden(TokenAuthenticator.JWT_INDICATOR, token, exp)); } } @@ -97,7 +94,7 @@ protected abstract User getUser(HttpExchange exchange) throws IOException; /* protected String bodyLesen(HttpExchange exchange) throws IOException { StringBuilder sb = new StringBuilder(); InputStream is = exchange.getRequestBody(); @@ -109,6 +106,6 @@ } return sb.toString(); } */ } src/de/uhilger/httpserver/auth/handler/LogoutHandler.java
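Review bot: In LoginHandler's `handle`, the branch for a failed login (`// Nutzer und Kennwort passen nicht`) contains only a comment, so when `anmelden` returns null the visible code writes no response and the client is left waiting on an open exchange. A login endpoint should reject bad credentials explicitly, for example with `exchange.sendResponseHeaders(401, -1);` in that else branch, and likewise when the context attribute is not a `TokenAuthenticator`. `handle` continues past the end of the hunk, so a response sent further down would change this assessment. Separately, the commented-out `bodyLesen` block kept at the end of the class can be deleted now that the call sites use `HttpHelper`.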
New file @@ -0,0 +1,53 @@ /* jwtTest - JSON Web Token Testimplementierung Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. */ package de.uhilger.httpserver.auth.handler; import com.sun.net.httpserver.HttpContext; import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpHandler; import de.uhilger.httpserver.auth.TokenAuthenticator; import de.uhilger.httpserver.base.handler.HttpResponder; import java.io.IOException; /** * * @author Ulrich Hilger * @version 1, 02.06.2021 */ public class LogoutHandler implements HttpHandler { @Override public void handle(HttpExchange exchange) throws IOException { HttpContext context = exchange.getHttpContext(); Object o = context.getAttributes().get(LoginHandler.ATTR_AUTHENTICATOR); if (o instanceof TokenAuthenticator) { TokenAuthenticator auth = (TokenAuthenticator) o; String jwt = auth.cookieLesen(exchange, TokenAuthenticator.JWT_INDICATOR); if (jwt != null) { auth.abmelden(jwt); HttpResponder r = new HttpResponder(); r.antwortSenden(exchange, HttpResponder.SC_OK, "Abgemeldet."); } else { // kein JSON Web Token } } else { // kein passender Authenticator } } }
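Review bot: Both else branches in `LogoutHandler.handle` (`// kein JSON Web Token` and `// kein passender Authenticator`) send nothing, so a logout request without a JWT cookie never receives a response and the exchange stays open. Answer these paths explicitly, e.g. `exchange.sendResponseHeaders(401, -1);` when the cookie is missing and `exchange.sendResponseHeaders(500, -1);` when no `TokenAuthenticator` is configured on the context. The success path also sends no `Set-Cookie` that expires the JWT cookie, so the browser keeps presenting the token after `abmelden`. Whether that is acceptable depends on `abmelden` invalidating the token server-side, which is not visible in this commit.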