authorAnton Tananaev <anton@traccar.org>2024-05-05 09:50:19 -0700
committerAnton Tananaev <anton@traccar.org>2024-05-05 09:50:19 -0700
commit49483e0420ca8c7ff1afb31dacc7a427f93c7a3a (patch)
treeef635844a1aa217e0c2fd1ddcd4a24e35a7c418e
parent25bda2559356b7fc4388069b641da16a35bcd0cc (diff)
Support WebSocket auth token
-rw-r--r--src/main/java/org/traccar/api/AsyncSocketServlet.java30
1 files changed, 24 insertions, 6 deletions
diff --git a/src/main/java/org/traccar/api/AsyncSocketServlet.java b/src/main/java/org/traccar/api/AsyncSocketServlet.java
index cd2c1639e..e1e7ee977 100644
--- a/src/main/java/org/traccar/api/AsyncSocketServlet.java
+++ b/src/main/java/org/traccar/api/AsyncSocketServlet.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2024 Anton Tananaev (anton@traccar.org)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import org.eclipse.jetty.websocket.server.JettyWebSocketServlet;
import org.eclipse.jetty.websocket.server.JettyWebSocketServletFactory;
import org.traccar.api.resource.SessionResource;
+import org.traccar.api.security.LoginService;
import org.traccar.config.Config;
import org.traccar.config.Keys;
import org.traccar.session.ConnectionManager;
@@ -27,7 +28,12 @@ import org.traccar.storage.Storage;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import jakarta.servlet.http.HttpSession;
+import org.traccar.storage.StorageException;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.time.Duration;
+import java.util.List;
@Singleton
public class AsyncSocketServlet extends JettyWebSocketServlet {
@@ -36,25 +42,37 @@ public class AsyncSocketServlet extends JettyWebSocketServlet {
private final ObjectMapper objectMapper;
private final ConnectionManager connectionManager;
private final Storage storage;
+ private final LoginService loginService;
@Inject
public AsyncSocketServlet(
- Config config, ObjectMapper objectMapper, ConnectionManager connectionManager, Storage storage) {
+ Config config, ObjectMapper objectMapper, ConnectionManager connectionManager, Storage storage,
+ LoginService loginService) {
this.config = config;
this.objectMapper = objectMapper;
this.connectionManager = connectionManager;
this.storage = storage;
+ this.loginService = loginService;
}
@Override
public void configure(JettyWebSocketServletFactory factory) {
factory.setIdleTimeout(Duration.ofMillis(config.getLong(Keys.WEB_TIMEOUT)));
factory.setCreator((req, resp) -> {
- if (req.getSession() != null) {
- Long userId = (Long) ((HttpSession) req.getSession()).getAttribute(SessionResource.USER_ID_KEY);
- if (userId != null) {
- return new AsyncSocket(objectMapper, connectionManager, storage, userId);
+ Long userId = null;
+ List<String> tokens = req.getParameterMap().get("token");
+ if (tokens != null && !tokens.isEmpty()) {
+ String token = tokens.iterator().next();
+ try {
+ userId = loginService.login(token).getUser().getId();
+ } catch (StorageException | GeneralSecurityException | IOException e) {
+ throw new RuntimeException(e);
}
+ } else if (req.getSession() != null) {
+ userId = (Long) ((HttpSession) req.getSession()).getAttribute(SessionResource.USER_ID_KEY);
+ }
+ if (userId != null) {
+ return new AsyncSocket(objectMapper, connectionManager, storage, userId);
}
return null;
});
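Review bot: A rejected or expired token is converted into an unchecked exception at `throw new RuntimeException(e);`, so a failed authentication presumably leaves the creator as a server error rather than as a clean refusal like the existing `return null` path for a missing session. I would split the catch so that an authentication failure is refused quietly, `} catch (GeneralSecurityException e) { return null; }`, and keep the rethrow only for `StorageException` and `IOException`. The chain `loginService.login(token).getUser().getId()` also dereferences two results without a null check; LoginService is not shown in this diff, so confirm neither call can return null for an unknown or disabled user. Because the token arrives as a URL query parameter it will be recorded wherever request URLs are logged, so a comment above the `getParameterMap()` line such as `// token travels in the query string: keep it out of access logs and prefer short-lived tokens` would be worth adding.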