Simple Springboot Session Scope usage Issue with a custom session token


I'm stuck here; I'm trying to implement my own version of a Session Token in my springboot server.

Everything starts within my Login Controller:

package com.example.churchbillboard2.controllers;

import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.annotation.SessionScope;

import com.example.churchbillboard2.security.SessionToken;
import com.example.churchbillboard2.services.TimeManager;
import com.example.churchbillboard2.services.UserService;

import jakarta.servlet.http.HttpSession;

import org.springframework.context.annotation.Scope;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;



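/**
 * REST controller for the home page, the login endpoint and the token-protected
 * {@code /months} endpoint.
 *
 * <p>The token issued by {@code /login} is stored in {@code sessionTokenWrapper}, which is
 * declared as a {@code @SessionScope} bean. The instance this controller talks to is therefore
 * chosen per request from the caller's HTTP session. A later request only sees the stored token
 * if it arrives in the same session, i.e. it carries the session cookie that was issued with
 * the login response.
 */
@RestController
@RequestMapping("/")
// NOTE(review): a wildcard origin lets pages from any site call these endpoints, and the CORS
// protocol does not allow a wildcard origin for credentialed (cookie-carrying) requests. If the
// React client runs on another origin, its requests presumably arrive without the session
// cookie, so every request starts a new session with an empty SessionTokenWrapper. That would
// explain the null token seen in /months; confirm by comparing session.getId() across the two
// requests. Mitigation: name the client's origin explicitly and enable credentials on both
// sides, or keep issued tokens in a server-side store that is not tied to the servlet session.
@CrossOrigin(origins = "*")
public class Login {

    private final UserService userService;
    private final TimeManager timeManager;
    private final SessionTokenWrapper sessionTokenWrapper;

    /**
     * Creates the controller with its collaborators (constructor injection).
     *
     * @param userService         looks up users for the login check
     * @param timeManager         supplies the available months
     * @param sessionTokenWrapper session-scoped holder of the token issued at login
     */
    public Login(UserService userService, TimeManager timeManager, SessionTokenWrapper sessionTokenWrapper) {
        this.userService = userService;
        this.timeManager = timeManager;
        this.sessionTokenWrapper = sessionTokenWrapper;
    }

    /**
     * Returns a fixed greeting for the root path.
     *
     * @return the greeting text
     */
    @GetMapping(value="/")
    public String getHome() {
        return "Hi From Home";
    }

    /**
     * Handles a login attempt and records the issued token for the current HTTP session.
     *
     * <p>A token is stored in the session-scoped wrapper only when the user lookup succeeds.
     * On a failed lookup the wrapper is cleared, so whatever value the "Invalid User" response
     * object carries can never be accepted later by {@code validateToken}.
     *
     * @param user    credentials posted by the client
     * @param session the caller's HTTP session (only read for the debug output)
     * @return the token object sent back to the client; on failure it is built from
     *         "Invalid User"
     */
    @PostMapping(value="/login")
    public SessionToken getMethodName(@RequestBody LoginDTO user, HttpSession session) {
        // Nothing in this class sets a "sessionId" attribute, so this prints null;
        // session.getId() is the container's identifier for the session.
        String sessionId = (String) session.getAttribute("sessionId");
        System.out.println("sessionId: " + sessionId);

        boolean knownUser = userService.getUserByUserName(user) != null;
        // NOTE(review): SessionToken is not shown here; presumably a null argument makes it
        // generate a fresh token. Confirm that it draws the value from SecureRandom.
        SessionToken sessionToken = knownUser ? new SessionToken(null) : new SessionToken("Invalid User");

        // Never leave a usable token behind after a failed login.
        sessionTokenWrapper.setSessionToken(knownUser ? sessionToken.getSessionToken() : null);
        return sessionToken;
    }

    /**
     * Returns the available months when the Authorization header matches the token stored for
     * the caller's session.
     *
     * <p>NOTE(review): a rejected token is still answered with a normal response body
     * ("Not Valid Session"); an HTTP 401 would let clients and monitoring tell the two cases
     * apart.
     *
     * @param headerValue raw value of the Authorization header; by default Spring rejects the
     *                    request when the header is missing
     * @param session     the caller's HTTP session (only read for the debug output)
     * @return the available months, or a wrapper built from "Not Valid Session"
     */
    @PostMapping(value="/months")
    public AvailableMonthsWrapper getMethodName(@RequestHeader("Authorization") String headerValue, HttpSession session) {
        String sessionId = (String) session.getAttribute("sessionId");
        System.out.println("sessionId: " + sessionId);

        if (sessionTokenWrapper.validateToken(headerValue)) {
            return new AvailableMonthsWrapper(timeManager.availableMonths());
        }
        return new AvailableMonthsWrapper("Not Valid Session");
    }

}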

So once I hit my /login endpoint with the right user and password, I am supposed to store a sessionToken String in the controller attribute sessionTokenWrapper. And I will also send this token to the react client in the response of the request.

My React client immediately puts that token in the header of the next request, which is sent to /months.

However, when the request for /months arrives right after the client gets its sessionToken, my sessionTokenWrapper has a null sessionToken. I don't understand why, since I set it earlier in the /login method when the user credentials were correct.

I'm using @SessionScope on my SessionTokenWrapper class. I have also tried using this annotation on my RestController (Login), but it still doesn't work.

Would you please help me to understand what I am doing wrong or what am I missing to get this to work?

My SessionTokenWrapper class is:

    package com.example.churchbillboard2.controllers;
    
    import java.io.Serializable;
    
    import org.springframework.stereotype.Component;
    import org.springframework.web.context.annotation.SessionScope;
    
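    /**
     * Session-scoped holder for the token issued at login.
     *
     * <p>Because of {@code @SessionScope}, each HTTP session gets its own instance. A token set
     * during one request is only visible to later requests that belong to the same session,
     * i.e. that send the same session cookie. A request arriving in a new session sees a fresh
     * instance whose token is {@code null}.
     */
    @Component
    @SessionScope
    public class SessionTokenWrapper implements Serializable{

        // Token accepted for this session; null until a login has stored one.
        private String sessionToken;

        /**
         * Creates a holder that already carries a token.
         *
         * @param sessionToken the token to accept for this session, may be {@code null}
         */
        public SessionTokenWrapper(String sessionToken) {
            this.sessionToken = sessionToken;
        }

        /** Creates an empty holder; the token stays {@code null} until it is set. */
        public SessionTokenWrapper() {

        }

        /**
         * @return the stored token, or {@code null} when none has been set
         */
        public String getSessionToken() {
            return sessionToken;
        }

        /**
         * Stores the token accepted for this session.
         *
         * @param sessionToken the new token; {@code null} clears it
         */
        public void setSessionToken(String sessionToken) {
            this.sessionToken = sessionToken;
        }

        /**
         * Checks a client-supplied token against the stored one.
         *
         * <p>The comparison uses {@code MessageDigest.isEqual}, so its duration does not depend
         * on how many leading characters match. A missing token on either side is a mismatch
         * rather than a {@code NullPointerException}.
         *
         * @param in_token the token presented by the client, may be {@code null}
         * @return {@code true} only when a token is stored and {@code in_token} equals it
         */
        public boolean validateToken(String in_token) {
            if (sessionToken == null || in_token == null) {
                return false;
            }
            return java.security.MessageDigest.isEqual(
                    in_token.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    sessionToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }
    }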