GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.

3.0.x
Luke Taylor 17 years ago
parent
7fa9a959b5
commit
c2e688610c
1 changed files with 21 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 27
      core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java

27
core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java
Unescape View File

@ -107,19 +107,16 @@ public abstract class AbstractRememberMeServices implements RememberMeServices, @@ -107,19 +107,16 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
logger.debug("Remember-me cookie accepted");
RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, user, user.getAuthorities());
auth.setDetails(authenticationDetailsSource.buildDetails(request));
return auth;
return createSuccessfulAuthentication(request, user);
}
/**
* Locates the Spring Security remember me cookie in the request.
* Locates the Spring Security remember me cookie in the request and returns its value.
*
* @param request the submitted request which is to be authenticated
* @return the cookie value (if present), null otherwise.
*/
private String extractRememberMeCookie(HttpServletRequest request) {
protected String extractRememberMeCookie(HttpServletRequest request) {
Cookie[] cookies = request.getCookies();
if ((cookies == null) || (cookies.length == 0)) {
@ -135,6 +132,24 @@ public abstract class AbstractRememberMeServices implements RememberMeServices, @@ -135,6 +132,24 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
return null;
}
/**
* Creates the final <tt>Authentication</tt> object returned from the <tt>autoLogin</tt> method.
* <p>
* By default it will create a <tt>RememberMeAuthenticationToken</tt> instance.
*
* @param request the original request. The configured <tt>AuthenticationDetailsSource</tt> will
* use this to build the details property of the returned object.
* @param user the <tt>UserDetails</tt> loaded from the <tt>UserDetailsService</tt>. This will be
* stored as the principal.
*
* @return the <tt>Authentication</tt> for the remember-me authenticated user
*/
protected Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) {
RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, user, user.getAuthorities());
auth.setDetails(authenticationDetailsSource.buildDetails(request));
return auth;
}
/**
* Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
*

Write Preview
Loading…
Cancel
Save