I'm trying to change the Domain and Path of a Cookie in a Webfilter.
The Cookie is added to the Response by the Soteria RememberMeInterceptor.
This is my Webfilter:
@WebFilter(filterName = "DomainCookieFilter",
urlPatterns = {"/*"},
dispatcherTypes = {DispatcherType.ASYNC, DispatcherType.REQUEST})
public class DomainCookieFilter implements Filter {
private static Logger logger = Logger.getLogger(DomainCookieFilter.class.getSimpleName());
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
logger.info("DomainCookieFilter invoked!!!");
chain.doFilter(request, new DomainCookieResponseWrapper((HttpServletResponse) response));
}
}
And this the ResponseWrapper:
public class DomainCookieResponseWrapper extends HttpServletResponseWrapper {
private static Logger logger = Logger.getLogger(DomainCookieResponseWrapper.class.getSimpleName());
public DomainCookieResponseWrapper(HttpServletResponse response) {
super(response);
}
@Override
public void addCookie(Cookie cookie) {
logger.info("Add Cookie: " + cookie.getName());
if(cookie.getName().equals("JREMEMBERMEID") && cookie.getMaxAge() != 0) {
cookie.setDomain(".domain.local");
cookie.setPath("/");
logger.info("Add Cookie: changed Domain");
}
super.addCookie(cookie);
}
}
The DomainCookieResponseWrapper.addCookie-Method is never called, and I don't understand why.
So what am I missing here?
A few tries later I came to the conclusion that Authenticationrequests are not filtered.
I finally came up with a different aproach.
I wrote another RemembermeInterceptor preceding the default one, in wich the Response is replaced by my Responsewrapper.
This maybe isn't the best Solution, but it works.
If anyone has a better approach, please let me know.