#25 - all read/write access to cookie is synchronized

cristal-ise · May 19, 2018 · 0c46add · 0c46add
1 parent 8153e3c
commit 0c46add
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/src/main/java/org/cristalise/restapi/CookieLogin.java b/src/main/java/org/cristalise/restapi/CookieLogin.java
@@ -64,12 +64,17 @@ public Response login(@QueryParam("user") String user, @QueryParam("pass") Strin
             throw ItemUtils.createWebAppException("Agent '" + user + "' not found", Response.Status.NOT_FOUND);
         }
 
+        return getCookieResponse(agentPath);
+    }
+
+    private synchronized Response getCookieResponse(AgentPath agentPath) {
         // create and set cookie
         AuthData agentData = new AuthData(agentPath);
         try {
             NewCookie cookie;
 
             int cookieLife = Gateway.getProperties().getInt("REST.loginCookieLife", 0);
+
             if (cookieLife > 0)
                 cookie = new NewCookie(COOKIENAME, encryptAuthData(agentData), "/", null, null, cookieLife, false);
             else

diff --git a/src/main/java/org/cristalise/restapi/RestHandler.java b/src/main/java/org/cristalise/restapi/RestHandler.java
@@ -57,7 +57,7 @@
 import org.cristalise.kernel.property.Property;
 import org.cristalise.kernel.utils.Logger;
 
-public class RestHandler {
+abstract public class RestHandler {
 
     private ObjectMapper mapper;
     private boolean requireLogin = true;
@@ -100,7 +100,7 @@ private static void initKeys(int keySize)
         kgen.init(keySize);
         cookieKey = kgen.generateKey();
 
-        //System.out.println("RestHandler.initKeys() - Cookie key: "+DatatypeConverter.printBase64Binary(cookieKey.getEncoded()));
+        System.out.println("RestHandler.initKeys() - Cookie key: "+DatatypeConverter.printBase64Binary(cookieKey.getEncoded()));
 
         encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
         encryptCipher.init(Cipher.ENCRYPT_MODE, cookieKey);
@@ -140,7 +140,7 @@ public Response toJSON(Object data) {
      * @param authCookie the cookie sent by the client
      * @return AgentPath decrypted from the cookie
      */
-    public AgentPath checkAuthCookie(Cookie authCookie) {
+    public synchronized AgentPath checkAuthCookie(Cookie authCookie) {
         if(authCookie == null) return checkAuthData(null);
         else                   return checkAuthData(authCookie.getValue());
     }
@@ -151,7 +151,7 @@ public AgentPath checkAuthCookie(Cookie authCookie) {
      * @param authData authorisation data normally taken from cookie or token
      * @return AgentPath created from the decrypted autData
      */
-    public AgentPath checkAuthData(String authData) {
+    private AgentPath checkAuthData(String authData) {
         if (!requireLogin) return null;
 
         if (authData == null)