Retrieve remember-me key from service as fallback

Fixes: gh-4140
邓超 2019-11-07 20:55:39 +08:00 committed by Eleftheria Stein-Kousathana
parent 4b4c6e612b
commit b13f750646
2 changed files with 38 additions and 1 deletions


@ -435,7 +435,11 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
*/
private String getKey() {
if (this.key == null) {
this.key = UUID.randomUUID().toString();
if (this.rememberMeServices instanceof AbstractRememberMeServices) {
this.key = ((AbstractRememberMeServices) rememberMeServices).getKey();
} else {
this.key = UUID.randomUUID().toString();
}
}
return this.key;
}
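Review bot: The fallback in `getKey()` applies only while `this.key` is null, so a configuration that sets both an explicit key and an `AbstractRememberMeServices` built with a different key still ends up with two keys that disagree, and nothing visible here reports it. If the value returned by `getKey()` is what the remember-me authentication provider is built with (its callers are outside the hunk), tokens issued by the service would then be rejected at request time rather than at startup. The method's Javadoc, which begins above the hunk, should state the precedence, e.g. `explicit key, then the key of an AbstractRememberMeServices, then a random UUID`, and note that any other `RememberMeServices` implementation still gets a random per-instance key and needs an explicit key to match. As a style point, the cast uses bare `rememberMeServices` while the `instanceof` check uses `this.rememberMeServices`; `((AbstractRememberMeServices) this.rememberMeServices).getKey()` keeps the method consistent.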


@ -36,6 +36,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
@ -453,4 +454,36 @@ public class RememberMeConfigurerTests {
// @formatter:on
}
}
@Test
public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationTokenWithFallbackKeyConfiguration()
throws Exception {
this.spring.register(FallbackRememberMeKeyConfig.class).autowire();
MvcResult mvcResult = this.mvc.perform(post("/login")
.with(csrf())
.param("username", "user")
.param("password", "password")
.param("remember-me", "true"))
.andReturn();
Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
this.mvc.perform(get("/abc")
.cookie(rememberMeCookie))
.andExpect(authenticated().withAuthentication(auth ->
assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
}
@EnableWebSecurity
static class FallbackRememberMeKeyConfig extends RememberMeConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// @formatter:off
http.rememberMe()
.rememberMeServices(new TokenBasedRememberMeServices("key", userDetailsService()));
// @formatter:on
}
}
}
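Review bot: `rememberMeCookie` is passed to `.cookie(...)` without checking that the login response actually set it, so a failed login would likely surface as an unrelated error in the second request instead of a clear assertion failure; add `assertThat(rememberMeCookie).isNotNull();` after the `getCookie("remember-me")` call. The new test also exercises only the `AbstractRememberMeServices` branch of the fallback. A companion case that registers a `RememberMeServices` not extending that class would pin the remaining random-UUID path and document that such a setup needs an explicit key.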