diff --git a/src/fr/devinsy/kiss4web/SimpleSecurityAgent.java b/src/fr/devinsy/kiss4web/SimpleSecurityAgent.java index e5cd2cd..21921d1 100644 --- a/src/fr/devinsy/kiss4web/SimpleSecurityAgent.java +++ b/src/fr/devinsy/kiss4web/SimpleSecurityAgent.java @@ -15,13 +15,15 @@ import fr.devinsy.util.StringList; public class SimpleSecurityAgent { static private final Logger logger = LoggerFactory.getLogger(SimpleSecurityAgent.class); - final static public String USERID_LABEL = "securityAgent.userId"; - final static public String ACCOUNTID_LABEL = "securityAgent.accountId"; - final static public String AUTH_LABEL = "securityAgent.auth"; - protected String userIdLabel; - protected String accountIdLabel; - protected String authLabel; - protected String secretKey; + public static final String USERID_LABEL = "securityAgent.userId"; + public static final String ACCOUNTID_LABEL = "securityAgent.accountId"; + public static final String AUTH_LABEL = "securityAgent.auth"; + private String userIdLabel; + private String accountIdLabel; + private String authLabel; + private String secretKey; + private static final int DEFAULT_DURATION = 60 * 60; // One hour. + private int duration; /** * @@ -32,6 +34,7 @@ public class SimpleSecurityAgent this.accountIdLabel = prefix + "." + ACCOUNTID_LABEL; this.authLabel = prefix + "." + AUTH_LABEL; this.secretKey = secretKey; + this.duration = DEFAULT_DURATION; } /** @@ -82,13 +85,22 @@ public class SimpleSecurityAgent targetKeys[keys.length] = this.secretKey; // - result = md5sum(targetKeys); + result = digest(targetKeys); } // return (result); } + /** + * + * @return + */ + public int getDuration() + { + return duration; + } + /** * Check authentication and refresh it (reset countdown). */ @@ -137,7 +149,7 @@ public class SimpleSecurityAgent else { String key = source + this.secretKey; - result = md5sum(key); + result = digest(key); } // 
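Review bot: The new `duration` field and `DEFAULT_DURATION` only set the cookie max-age, which the browser enforces; the auth value built in `setAuthenticated` (hunk `@@ -160,16 +172,24 @@`) is computed from the account id, user id and remote address, with no time component visible. If the check method, which is outside this diff, simply recomputes that digest, a copied cookie value stays valid past the hour for as long as the secret and the address match. Consider adding an expiry timestamp to the digested fields and rejecting it server-side once elapsed. A comment on the field would help too: `// Cookie lifetime in seconds; not a server-side session timeout.`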
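Review bot: `targetKeys[keys.length] = this.secretKey; result = digest(targetKeys);` still authenticates the cookie with a plain hash over data plus secret, now SHA-256 instead of MD5. The same pattern appears at `String key = source + this.secretKey;` in hunk `@@ -137,7 +149,7 @@` and in `digest` itself in hunk `@@ -204,7 +224,7 @@`. A keyed MAC is the standard construction for this: `javax.crypto.Mac` with the `HmacSHA256` algorithm, keyed by `secretKey`, over the joined fields. The comparison of the received and recomputed values is outside the diff; it should be constant-time, for example `MessageDigest.isEqual` on the byte arrays. The enclosing method starts above this hunk.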
@@ -160,16 +172,24 @@ public class SimpleSecurityAgent public void setAuthenticated(final HttpServletRequest request, final HttpServletResponse response, final String accountId, final String userId) { // Refresh cookie. - int duration = 60 * 60; String auth = computeAuth(String.valueOf(accountId), userId, request.getRemoteAddr()); - response.addCookie(CookieHelper.buildCookie(this.authLabel, auth, duration)); - response.addCookie(CookieHelper.buildCookie(this.accountIdLabel, accountId, duration)); - response.addCookie(CookieHelper.buildCookie(this.userIdLabel, userId, duration)); + response.addCookie(CookieHelper.buildCookie(this.authLabel, auth, this.duration)); + response.addCookie(CookieHelper.buildCookie(this.accountIdLabel, accountId, this.duration)); + response.addCookie(CookieHelper.buildCookie(this.userIdLabel, userId, this.duration)); logger.info("set [" + auth + "," + accountId + "," + userId + "," + request.getRemoteAddr() + ")"); } + /** + * + * @param duration + */ + public void setDuration(final int duration) + { + this.duration = duration; + } + /** * */ @@ -186,7 +206,7 @@ public class SimpleSecurityAgent /** * */ - static public String md5sum(final String... keys) + static public String digest(final String... keys) { String result; @@ -204,7 +224,7 @@ public class SimpleSecurityAgent } // - result = DigestUtils.md5Hex(targetKey.toString()); + result = DigestUtils.sha256Hex(targetKey.toString()); } //
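Review bot: `setDuration` stores any int, and `setAuthenticated` passes it straight to the three `CookieHelper.buildCookie(...)` calls. If that helper forwards it to `Cookie.setMaxAge`, zero deletes the cookie and a negative value makes it a browser-session cookie. A guard such as `if (duration <= 0) throw new IllegalArgumentException("duration must be positive (seconds)");` would pin the contract, along with a Javadoc stating the unit here and on `getDuration` (hunk `@@ -82,13 +85,22 @@`), which is currently empty. The unchanged `logger.info("set [" + auth + ...` line also writes the auth cookie value to the log at info level. Logging only `accountId`, `userId` and the address keeps a replayable credential out of log files.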
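Review bot: `DigestUtils.sha256Hex(targetKey.toString())` hashes one concatenated string, and the loop that fills `targetKey` is above this hunk. If the keys are appended without a separator, different field splits hash to the same value (constructed example: `"12","3"` and `"1","23"`); a length prefix or a delimiter that cannot occur in the fields removes that ambiguity. Changing the algorithm also changes every auth value, so cookies issued before deployment will presumably stop validating and users will have to log in again, which is worth a line in the release notes.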