mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-27 22:32:43 +00:00
Retrieve remember-me key from service as fallback
Fixes: gh-4140
This commit is contained in:
邓超
Eleftheria Stein-Kousathana
parent
4b4c6e612b
commit
b13f750646
@ -435,7 +435,11 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
|
|||||||
*/
|
*/
|
||||||
private String getKey() {
|
private String getKey() {
|
||||||
if (this.key == null) {
|
if (this.key == null) {
|
||||||
this.key = UUID.randomUUID().toString();
|
if (this.rememberMeServices instanceof AbstractRememberMeServices) {
|
||||||
|
this.key = ((AbstractRememberMeServices) rememberMeServices).getKey();
|
||||||
|
} else {
|
||||||
|
this.key = UUID.randomUUID().toString();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return this.key;
|
return this.key;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -36,6 +36,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
|||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
import org.springframework.security.web.authentication.RememberMeServices;
|
import org.springframework.security.web.authentication.RememberMeServices;
|
||||||
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
|
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
|
||||||
|
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import org.springframework.test.web.servlet.MvcResult;
|
import org.springframework.test.web.servlet.MvcResult;
|
||||||
|
|
||||||
@ -453,4 +454,36 @@ public class RememberMeConfigurerTests {
|
|||||||
// @formatter:on
|
// @formatter:on
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationTokenWithFallbackKeyConfiguration()
|
||||||
|
throws Exception {
|
||||||
|
this.spring.register(FallbackRememberMeKeyConfig.class).autowire();
|
||||||
|
|
||||||
|
MvcResult mvcResult = this.mvc.perform(post("/login")
|
||||||
|
.with(csrf())
|
||||||
|
.param("username", "user")
|
||||||
|
.param("password", "password")
|
||||||
|
.param("remember-me", "true"))
|
||||||
|
.andReturn();
|
||||||
|
Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me");
|
||||||
|
|
||||||
|
this.mvc.perform(get("/abc")
|
||||||
|
.cookie(rememberMeCookie))
|
||||||
|
.andExpect(authenticated().withAuthentication(auth ->
|
||||||
|
assertThat(auth).isInstanceOf(RememberMeAuthenticationToken.class)));
|
||||||
|
}
|
||||||
|
|
||||||
|
@EnableWebSecurity
|
||||||
|
static class FallbackRememberMeKeyConfig extends RememberMeConfig {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
super.configure(http);
|
||||||
|
// @formatter:off
|
||||||
|
http.rememberMe()
|
||||||
|
.rememberMeServices(new TokenBasedRememberMeServices("key", userDetailsService()));
|
||||||
|
// @formatter:on
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user