authorJulien Lancelot <julien.lancelot@sonarsource.com>2016-06-14 11:27:10 +0200
committerJulien Lancelot <julien.lancelot@sonarsource.com>2016-06-15 11:08:36 +0200
commit6f49a9466aaadfad0073c571e023436a9f96bc73 (patch)
treefdca4e209802d138f823c10f2bdffaddc90648d9 /server/sonar-web/src/main/webapp
parent59a1bedcce44674f3bac75af59ddcd5cb985e303 (diff)
downloadsonarqube-6f49a9466aaadfad0073c571e023436a9f96bc73.tar.gz
sonarqube-6f49a9466aaadfad0073c571e023436a9f96bc73.zip
SONAR-7713 Use JWT session
Diffstat (limited to 'server/sonar-web/src/main/webapp')
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb2
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb2
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/web.xml5
3 files changed, 8 insertions, 1 deletions
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb
index 6916ab175c6..6aa2110123a 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb
@@ -45,6 +45,7 @@ class SessionsController < ApplicationController
self.current_user.remember_me
cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at, :http_only => true }
end
+ set_user_session
redirect_back_or_default(home_url)
else
render_unauthenticated
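Review bot: The remember-me token is still generated and written to the `auth_token` cookie just above the new `set_user_session` call, yet the authenticated_system.rb hunk of this commit removes `login_from_cookie` from `current_user`, so as far as these hunks show nothing reads that cookie any more. A long-lived credential that is issued and stored but never consumed is exposure with no benefit; either drop the `remember_me` branch here or, if another caller still relies on it, record that in a comment such as `# auth_token is still read by <caller>; keep until remember-me moves to the JWT session`. `set_user_session` is defined outside this hunk, so whether it rotates the session identifier on login cannot be checked from here. The enclosing action starts and ends outside the hunk.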
@@ -60,6 +61,7 @@ class SessionsController < ApplicationController
self.current_user.forget_me
end
cookies.delete :auth_token
+ cookies.delete 'JWT-SESSION'
flash[:notice]=message('session.flash_notice.logged_out')
redirect_to(home_path)
reset_session
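Review bot: `cookies.delete 'JWT-SESSION'` removes only the browser's copy of the token; if the Java side validates the JWT statelessly (not visible here), a copy obtained before logout stays usable until it expires, so logout should also invalidate it server-side or the limit should be documented, e.g. `# Clears the cookie only; the JWT stays valid until expiry unless revoked server-side`. The delete must also match the path and domain the servlet used when it set the cookie, otherwise the browser keeps it; pass the same `:path` option if it is not the default. The cookie name is a string literal that presumably duplicates one in the Java code, so a shared constant would keep the two from drifting apart. The action's body continues outside the hunk.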
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb b/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
index ad49b055c13..3a911f78f74 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
@@ -8,7 +8,7 @@ module AuthenticatedSystem
# Accesses the current user from the session.
# Future calls avoid the database because nil is not equal to false.
def current_user
- @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
+ @current_user ||= (login_from_session || login_from_basic_auth) unless @current_user == false
end
# Store the given user id in the session.
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/web.xml b/server/sonar-web/src/main/webapp/WEB-INF/web.xml
index 504ee37e03c..d4402205359 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/web.xml
+++ b/server/sonar-web/src/main/webapp/WEB-INF/web.xml
@@ -42,6 +42,11 @@
<param-name>addsHtmlToPathInfo</param-name>
<param-value>false</param-value>
</init-param>
+ <!--Do not reset unhandled response in order to be able to add cookie in java servlet -->
+ <init-param>
+ <param-name>resetUnhandledResponse</param-name>
+ <param-value>false</param-value>
+ </init-param>
</filter>
<filter>
<filter-name>SecurityFilter</filter-name>
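Review bot: The comment on the new `resetUnhandledResponse` init-param explains why the reset is switched off but not what is given up by doing so. With the reset disabled, anything the Ruby side has already put on the response (headers, cookies) before passing an unhandled request down the chain presumably survives as well, not just the cookie added by the Java servlet. I would widen the comment to state that, for example `<!-- Keep the response as-is for requests Rails does not handle, so the session cookie added by the Java servlet survives; headers already set by Rails are kept too -->`, and confirm that no unhandled path sets headers that should not reach the client. The filter element opens outside the hunk.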