
Getting a cookie after a successful login?

So I have an Angular app that has user login and authentication. When they log in, they go to a separate URL and service that's not a part of the Angular template (not my choice, not my design, don't have freedom to change it).

So we have our app url at https://my.app.com/appname

And the login url (Which redirects to another URL that has the Spring CAS stuff)

https://my.app.com:8082/api/applications/appname/user/login

Which redirects to

https://yours.app.com/CAS/login

After a successful login, we go back to the original app page.

However, I need to somehow get the Cookie that has the username of the user logging in to the app.

That cookie is a response cookie tied to https://my.app.com:8082/api/applications/appname/user/login

but not the main url of the app.

So how do I retrieve this cookie, preferably using ngCookie?

For reference here's the backend code that handles this.

@RequestMapping(method = RequestMethod.GET, value = "/login", headers = "Accept=application/json")
public @ResponseBody HttpServletResponse login(HttpServletRequest request, HttpServletResponse response) {
    // toLog(Level.INFO, "Logging user in.");
    String referingURL = request.getHeader("referer");
    _LOG.debug("Referer: " + referingURL);
    try {
        String user = "123456789";
        user = SecurityUtils.getCurrentUsername();
        Cookie userCookie = new Cookie("USERNAME", user);
        userCookie.setSecure(true);
        response.addCookie(userCookie);
        response.sendRedirect(referingURL);
        return response;
    } catch (Exception e) {
        // toLog(Level.ERROR, "Error logging user in", e);
        throw new ResourceNotFoundException(e);
    }
}

Where that Cookie userCookie line is.. that's the cookie I want to get.

In even simpler terms.

The url https://my.app.com:8082/api/applications/appname/user/login

Has a response Cookie with a key called USERNAME, with the value of username I want.

The app lives on https://my.app.com/appname, and I need to access the previously mentioned cookie.

CAS does not set a cookie with the user login. It will set a cookie for your SSO session called a Ticket Granting Cookie (TGC). This token does not provide any information on the logged-in user.

To retrieve the identity of the logged-in user you have to validate a Service Ticket. This ticket is appended to the URL of your service when CAS/login redirects you back to your application. Then a CAS client must validate that ticket against CAS/serviceValidate. That client should be in your backend and the username set in the session. It is up to you to send it to your frontend the way you want.
