Retrieve remember-me key from service as fallback
Fixes: gh-4140
parent
4b4c6e612b
commit
b13f750646
|
@ -435,7 +435,11 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
*/
|
||||
private String getKey() {
|
||||
if (this.key == null) {
|
||||
this.key = UUID.randomUUID().toString();
|
||||
if (this.rememberMeServices instanceof AbstractRememberMeServices) {
|
||||
this.key = ((AbstractRememberMeServices) rememberMeServices).getKey();
|
||||
} else {
|
||||
this.key = UUID.randomUUID().toString();
|
||||
}
|
||||
}
|
||||
return this.key;
|
||||
}
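Review bot: The fallback in `getKey()` runs only while `this.key == null`, so a configuration that sets an explicit key on the configurer and also passes a `RememberMeServices` built with a different key still ends up with two different keys, and nothing reports the mismatch. A `RememberMeServices` that does not extend `AbstractRememberMeServices` still gets a random UUID, which its own tokens presumably cannot match. Both cases would surface only as rejected remember-me cookies at runtime, so the Javadoc (which starts outside this hunk) should state the precedence, for example `explicit key, else the key of an AbstractRememberMeServices, else a random UUID`, and a debug log on mismatch would make the failure diagnosable. As a style point, the cast reads `rememberMeServices` without `this.` while the `instanceof` on the line above uses `this.rememberMeServices`.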
|
||||
|
|
|
@ -36,6 +36,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
|||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.authentication.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.MvcResult;
|
||||
|
||||
|
@ -453,4 +454,36 @@ public class RememberMeConfigurerTests {
|
|||
// @formatter:on
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationTokenWithFallbackKeyConfiguration()
|
||||
throws Exception {
|
||||
this.spring.register(FallbackRememberMeKeyConfig.class).autowire();
|
||||
|
||||
MvcResult mvcResult = this.mvc.perform(post("/login")
|
||||
.with(csrf())
|
||||
.param("username", "user")
|
||||
.param("password", "password")
|
||||
.param("remember-me", "true"))
|
||||
.andReturn();
|
||||
Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
|
||||
|
||||
this.mvc.perform(get("/abc")
|
||||
.cookie(rememberMeCookie))
|
||||
.andExpect(authenticated().withAuthentication(auth ->
|
||||
assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class FallbackRememberMeKeyConfig extends RememberMeConfig {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
super.configure(http);
|
||||
// @formatter:off
|
||||
http.rememberMe()
|
||||
.rememberMeServices(new TokenBasedRememberMeServices("key", userDetailsService()));
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
}
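Review bot: The cookie taken from the login response is replayed without checking that it exists, so a login that sets no `remember-me` cookie would likely fail in the second request with an unrelated error instead of pointing at the login step; add `assertThat(rememberMeCookie).isNotNull();` right after the `getCookie("remember-me")` call. The test also covers only the branch where the service is an `AbstractRememberMeServices` and no key is set on the configurer. A companion case with an explicit configurer key that differs from the service's key would document which side wins. The enclosing `RememberMeConfigurerTests` class starts outside the hunk.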
|
||||
|
|