SEC-182: Remember-me compatibility with concurrent session support.

2006-02-09 10:32:49 +00:00 · 2006-02-09 10:32:49 +00:00 · 0282696202
parent c6eacf026d
commit 0282696202
1 changed files with 54 additions and 47 deletions
--- a/core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java
+++ b/core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java
@ -1,4 +1,4 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,9 +16,13 @@
 package org.acegisecurity.ui.rememberme;

 import org.acegisecurity.Authentication;
+
 import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
-import org.acegisecurity.userdetails.UserDetailsService;
+
+import org.acegisecurity.ui.WebAuthenticationDetails;
+
 import org.acegisecurity.userdetails.UserDetails;
+import org.acegisecurity.userdetails.UserDetailsService;
 import org.acegisecurity.userdetails.UsernameNotFoundException;

 import org.apache.commons.codec.binary.Base64;
@ -57,11 +61,11 @@ import javax.servlet.http.HttpServletResponse;
 * </p>
 * 
 * <p>
- * An {@link org.acegisecurity.userdetails.UserDetailsService} is required
- * by this implementation, so that it can construct a valid
+ * An {@link org.acegisecurity.userdetails.UserDetailsService} is required by
+ * this implementation, so that it can construct a valid
 * <code>Authentication</code> from the returned {@link
- * org.acegisecurity.userdetails.UserDetails}. This is also necessary so that the
- * user's password is available and can be checked as part of the encoded
+ * org.acegisecurity.userdetails.UserDetails}. This is also necessary so that
+ * the user's password is available and can be checked as part of the encoded
 * cookie.
 * </p>
 * 
@ -112,45 +116,13 @@ public class TokenBasedRememberMeServices implements RememberMeServices,

    //~ Instance fields ========================================================

-    private UserDetailsService userDetailsService;
    private String key;
    private String parameter = DEFAULT_PARAMETER;
+    private UserDetailsService userDetailsService;
    private long tokenValiditySeconds = 1209600; // 14 days

    //~ Methods ================================================================

-    public void setUserDetailsService(UserDetailsService authenticationDao) {
-        this.userDetailsService = authenticationDao;
-    }
-
-    public UserDetailsService getUserDetailsService() {
-        return userDetailsService;
-    }
-
-    public void setKey(String key) {
-        this.key = key;
-    }
-
-    public String getKey() {
-        return key;
-    }
-
-    public void setParameter(String parameter) {
-        this.parameter = parameter;
-    }
-
-    public String getParameter() {
-        return parameter;
-    }
-
-    public void setTokenValiditySeconds(long tokenValiditySeconds) {
-        this.tokenValiditySeconds = tokenValiditySeconds;
-    }
-
-    public long getTokenValiditySeconds() {
-        return tokenValiditySeconds;
-    }
-
    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(key);
        Assert.hasLength(parameter);
@ -258,8 +230,11 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
                            logger.debug("Remember-me cookie accepted");
                        }

-                        return new RememberMeAuthenticationToken(this.key,
-                            userDetails, userDetails.getAuthorities());
+                        RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(this.key,
+                                userDetails, userDetails.getAuthorities());
+                        auth.setDetails(new WebAuthenticationDetails(request));
+
+                        return auth;
                    } else {
                        cancelCookie(request, response,
                            "Cookie token did not contain 3 tokens; decoded value was '"
@ -280,6 +255,31 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
        return null;
    }

+    private void cancelCookie(HttpServletRequest request,
+        HttpServletResponse response, String reasonForLog) {
+        if ((reasonForLog != null) && logger.isDebugEnabled()) {
+            logger.debug("Cancelling cookie for reason: " + reasonForLog);
+        }
+
+        response.addCookie(makeCancelCookie());
+    }
+
+    public String getKey() {
+        return key;
+    }
+
+    public String getParameter() {
+        return parameter;
+    }
+
+    public long getTokenValiditySeconds() {
+        return tokenValiditySeconds;
+    }
+
+    public UserDetailsService getUserDetailsService() {
+        return userDetailsService;
+    }
+
    public void loginFail(HttpServletRequest request,
        HttpServletResponse response) {
        cancelCookie(request, response,
@ -353,12 +353,19 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
        return cookie;
    }

-    private void cancelCookie(HttpServletRequest request,
-        HttpServletResponse response, String reasonForLog) {
-        if ((reasonForLog != null) && logger.isDebugEnabled()) {
-            logger.debug("Cancelling cookie for reason: " + reasonForLog);
-        }
+    public void setKey(String key) {
+        this.key = key;
+    }

-        response.addCookie(makeCancelCookie());
+    public void setParameter(String parameter) {
+        this.parameter = parameter;
+    }
+
+    public void setTokenValiditySeconds(long tokenValiditySeconds) {
+        this.tokenValiditySeconds = tokenValiditySeconds;
+    }
+
+    public void setUserDetailsService(UserDetailsService authenticationDao) {
+        this.userDetailsService = authenticationDao;
    }
 }