Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support remember-me cookie customization 

Closes gh-14990
This commit is contained in:
Max Batischev 2024-06-05 16:17:05 +03:00 committed by Marcus Hert Da Coregio
parent 3acd2c65d9
commit 44f9396bad
2 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -21,6 +21,7 @@ import java.net.URLDecoder;
import java.net.URLEncoder; import java.net.URLEncoder;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Base64; import java.util.Base64;
import java.util.function.Consumer;
import jakarta.servlet.http.Cookie; import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
@ -97,6 +98,9 @@ public abstract class AbstractRememberMeServices
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper(); private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
private Consumer<Cookie> cookieCustomizer = (cookie) -> {
};
protected AbstractRememberMeServices(String key, UserDetailsService userDetailsService) { protected AbstractRememberMeServices(String key, UserDetailsService userDetailsService) {
Assert.hasLength(key, "key cannot be empty or null"); Assert.hasLength(key, "key cannot be empty or null");
Assert.notNull(userDetailsService, "UserDetailsService cannot be null"); Assert.notNull(userDetailsService, "UserDetailsService cannot be null");
@ -373,6 +377,9 @@ public abstract class AbstractRememberMeServices
} }
cookie.setSecure((this.useSecureCookie != null) ? this.useSecureCookie : request.isSecure()); cookie.setSecure((this.useSecureCookie != null) ? this.useSecureCookie : request.isSecure());
cookie.setHttpOnly(true); cookie.setHttpOnly(true);
this.cookieCustomizer.accept(cookie);
response.addCookie(cookie); response.addCookie(cookie);
} }
@ -492,4 +499,14 @@ public abstract class AbstractRememberMeServices
this.messages = new MessageSourceAccessor(messageSource); this.messages = new MessageSourceAccessor(messageSource);
} }
/**
* Sets the {@link Consumer}, allowing customization of cookie.
* @param cookieCustomizer customize for cookie
* @since 6.4
*/
public void setCookieCustomizer(Consumer<Cookie> cookieCustomizer) {
Assert.notNull(cookieCustomizer, "cookieCustomizer cannot be null");
this.cookieCustomizer = cookieCustomizer;
}
} }

13
web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -402,6 +402,17 @@ public class AbstractRememberMeServicesTests {
verify(source).getMessage(eq(code), any(), any()); verify(source).getMessage(eq(code), any(), any());
} }
@Test
public void setCookieCustomAttribute() {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockRememberMeServices services = new MockRememberMeServices(this.uds);
services.setCookieCustomizer((cookie) -> cookie.setAttribute("attr1", "value1"));
services.setCookie(new String[] { "mycookie" }, 1000, request, response);
Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
assertThat(cookie.getAttribute("attr1")).isEqualTo("value1");
}
private Cookie[] createLoginCookie(String cookieToken) { private Cookie[] createLoginCookie(String cookieToken) {
MockRememberMeServices services = new MockRememberMeServices(this.uds); MockRememberMeServices services = new MockRememberMeServices(this.uds);
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,