Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-7713

Generate and validate JSON Web Tokens

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.0
    • Component/s: None
    • Labels:

      Description

      On each /sessions/login request :

      • A Java filter executed after rails :
        • If user is authenticated : generate a JWT session with an expiration date of 3 days if no activity (and even if there's some activity the user will be force to be disconnected after 3 months)
        • Else : nothing to do

      On each /sessions/logout request :

      • Remove JWT session

      On each HTTP request :

      • If a JWT cookie exists :
        • Validate JWT
        • If the JWT has been created more than 5 minutes, refresh the expiration date
      • If no JWT cookie exists :
        • Nothing to do

      Note that we should not try to validate token for static ressources.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                julien.lancelot Julien Lancelot
                Reporter:
                julien.lancelot Julien Lancelot
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: