Fixing Shard SOAP Authentication Token (checkmarx-ltd#105)
* Fix for soap session handler
* Update to version 0.4.40
kmcdon83 authored Sep 2, 2020
1 parent 8c0d923 commit 998da34
Showing 4 changed files with 43 additions and 4 deletions.
2 changes: 1 addition & 1 deletion pom.xml
@@ -10,7 +10,7 @@
</parent>
<groupId>com.github.checkmarx-ts</groupId>
<artifactId>cx-spring-boot-sdk</artifactId>
<version>0.4.39</version>
<version>0.4.40</version>
<name>cx-spring-boot-sdk</name>
<description>Checkmarx Java Spring Boot SDK</description>

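--- a/src/main/java/com/checkmarx/sdk/ShardManager/ShardSession.java
+++ b/src/main/java/com/checkmarx/sdk/ShardManager/ShardSession.java
@@ -7,6 +7,8 @@
 public class ShardSession {
 private WebServiceTemplate ws = null;
 private WebServiceTemplate shardWs = null;
+private String soapToken = "";
+private LocalDateTime soapTokenExpires = null;
 private String name = "";
 private String team = "";
 private String project = "";
@@ -33,6 +35,22 @@ public WebServiceTemplate getShardWs() {
 return shardWs;
 }
 
+public String getSoapToken() {
+return soapToken;
+}
+
+public void setSoapToken(String soapToken) {
+this.soapToken = soapToken;
+}
+
+public LocalDateTime getSoapTokenExpires() {
+return soapTokenExpires;
+}
+
+public void setSoapTokenExpires(LocalDateTime soapTokenExpires) {
+this.soapTokenExpires = soapTokenExpires;
+}
+
 public boolean getShardFound() {
 return shardFound;
 }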
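Review bot: The new `soapToken` and `soapTokenExpires` fields are written through two independent setters, so nothing keeps a token paired with its own expiry; a caller that sets only one leaves the session holding a token with a stale or null expiry. A combined `setSoapToken(String soapToken, LocalDateTime soapTokenExpires)` would keep the pair consistent, and would give one place to synchronize if a session can be reached from more than one thread (not visible here). The field holds a credential, so it also deserves a comment such as `// SOAP bearer token for this shard; secret, keep out of logs and toString()`. The class body continues outside both hunks.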
14 changes: 12 additions & 2 deletions src/main/java/com/checkmarx/sdk/service/CxAuthService.java
@@ -148,6 +148,11 @@ public String getSoapAuthToken(String username, String password) {
}
soapToken = response.getAccessToken();
soapTokenExpires = LocalDateTime.now().plusSeconds(response.getExpiresIn()-500); //expire 500 seconds early
if(cxProperties.getEnableShardManager()) {
ShardSession shard = sessionTracker.getShardSession();
shard.setSoapToken(soapToken);
shard.setSoapTokenExpires(soapTokenExpires);
}
}
catch (NullPointerException | HttpStatusCodeException e) {
log.error("Error occurred white obtaining Access Token. Possibly incorrect credentials");
@@ -198,10 +203,15 @@ private boolean isTokenExpired() {
}

private boolean isSoapTokenExpired() {
if (soapTokenExpires == null) {
LocalDateTime curTokenExpires = soapTokenExpires;
if(cxProperties.getEnableShardManager()) {
ShardSession shard = sessionTracker.getShardSession();
curTokenExpires = shard.getSoapTokenExpires();
}
if (curTokenExpires == null) {
return true;
}
return LocalDateTime.now().isAfter(soapTokenExpires);
return LocalDateTime.now().isAfter(curTokenExpires);
}

private boolean isSessionTokenExpired() {
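Review bot: isSoapTokenExpired now judges freshness by the shard session's expiry, but the hunks do not show getSoapAuthToken returning the shard's token; if it still returns the service-level `soapToken` field (the return statement is outside the hunk), a shard with a valid expiry can be handed a token that was last fetched for a different shard. With the shard manager enabled, the return should come from the same session the expiry was read from, e.g. `return sessionTracker.getShardSession().getSoapToken();`. Separately, the new block in getSoapAuthToken sits inside the `try` whose `catch (NullPointerException | HttpStatusCodeException e)` logs a credentials error, so a null shard session would be misreported as a login failure; a null check on `shard` before the setters would keep the two cases apart.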
13 changes: 12 additions & 1 deletion src/main/java/com/checkmarx/sdk/service/CxLegacyService.java
@@ -90,6 +90,10 @@ public String login(String username, String password) throws CheckmarxLegacyExce
try {
if(!response.getLoginV2Result().isIsSuccesfull())
throw new CheckmarxLegacyException("Authentication Error");
if(properties.getEnableShardManager()) {
ShardSession shard = sessionTracker.getShardSession();
shard.setSoapToken(response.getLoginV2Result().getSessionId());
}
return response.getLoginV2Result().getSessionId();
}
catch(NullPointerException e){
@@ -545,13 +549,20 @@ Integer getLdapServerId(String session, String serverName) throws CheckmarxExce
}

private WebServiceMessageCallback getWSCallback(String callbackUri, String token){
String curToken;
if(properties.getEnableShardManager()) {
ShardSession shard = sessionTracker.getShardSession();
curToken = shard.getSoapToken();
} else {
curToken = token;
}
return message -> {
SoapMessage soapMessage = (SoapMessage) message;
soapMessage.setSoapAction(callbackUri);
TransportContext context = TransportContextHolder.getTransportContext();
HttpUrlConnection connection = (HttpUrlConnection) context.getConnection();
try {
if(!ScanUtils.empty(token) && properties.getVersion() >= 9.0) {
if(!ScanUtils.empty(curToken) && properties.getVersion() >= 9.0) {
connection.addRequestHeader(HttpHeaders.AUTHORIZATION, "Bearer ".concat(token));
}
}catch (IOException e){
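Review bot: In getWSCallback the emptiness check now tests `curToken`, but the header on the following line is still built from the parameter, `"Bearer ".concat(token)`. With the shard manager enabled the request therefore carries whatever the caller passed rather than the shard's stored token, and a null `token` alongside a non-empty `curToken` throws a NullPointerException inside the callback. The line should read `connection.addRequestHeader(HttpHeaders.AUTHORIZATION, "Bearer ".concat(curToken));`. The login hunk also calls `shard.setSoapToken(...)` with the session id without updating `soapTokenExpires`, so any expiry check on that session may be judging a different token's lifetime. The lambda body continues outside the hunk.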