mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-30 15:52:15 +00:00
Add alwaysRemember to RememberMe Java Config
Allow setting alwaysRemember from RememberMeConfigurer Fixes gh-180
This commit is contained in:
Leon Radley
Rob Winch
parent
bd0c8a7baa
commit
b82df4ecf3
@ -19,6 +19,7 @@ import java.util.UUID;
|
|||||||
|
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
|
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
|
||||||
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
@ -43,8 +44,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
|
|||||||
* The following Filters are populated
|
* The following Filters are populated
|
||||||
*
|
*
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>
|
* <li>{@link RememberMeAuthenticationFilter}</li>
|
||||||
* {@link RememberMeAuthenticationFilter}</li>
|
|
||||||
* </ul>
|
* </ul>
|
||||||
*
|
*
|
||||||
* <h2>Shared Objects Created</h2>
|
* <h2>Shared Objects Created</h2>
|
||||||
@ -69,7 +69,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
|
|||||||
* <li>{@link AuthenticationManager}</li>
|
* <li>{@link AuthenticationManager}</li>
|
||||||
* <li>{@link UserDetailsService} if no {@link #userDetailsService(UserDetailsService)}
|
* <li>{@link UserDetailsService} if no {@link #userDetailsService(UserDetailsService)}
|
||||||
* was specified.</li>
|
* was specified.</li>
|
||||||
* <li> {@link DefaultLoginPageGeneratingFilter} - if present will be populated with
|
* <li>{@link DefaultLoginPageGeneratingFilter} - if present will be populated with
|
||||||
* information from the configuration</li>
|
* information from the configuration</li>
|
||||||
* </ul>
|
* </ul>
|
||||||
*
|
*
|
||||||
@ -77,8 +77,8 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
|
|||||||
* @author Eddú Meléndez
|
* @author Eddú Meléndez
|
||||||
* @since 3.2
|
* @since 3.2
|
||||||
*/
|
*/
|
||||||
public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extends
|
public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
|
||||||
AbstractHttpConfigurer<RememberMeConfigurer<H>, H> {
|
extends AbstractHttpConfigurer<RememberMeConfigurer<H>, H> {
|
||||||
private AuthenticationSuccessHandler authenticationSuccessHandler;
|
private AuthenticationSuccessHandler authenticationSuccessHandler;
|
||||||
private String key;
|
private String key;
|
||||||
private RememberMeServices rememberMeServices;
|
private RememberMeServices rememberMeServices;
|
||||||
@ -90,6 +90,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
private UserDetailsService userDetailsService;
|
private UserDetailsService userDetailsService;
|
||||||
private Integer tokenValiditySeconds;
|
private Integer tokenValiditySeconds;
|
||||||
private Boolean useSecureCookie;
|
private Boolean useSecureCookie;
|
||||||
|
private Boolean alwaysRemember;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new instance
|
* Creates a new instance
|
||||||
@ -183,9 +184,11 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The name of cookie which store the token for remember me authentication. Defaults to 'remember-me'.
|
* The name of cookie which store the token for remember me authentication. Defaults
|
||||||
|
* to 'remember-me'.
|
||||||
*
|
*
|
||||||
* @param rememberMeCookieName the name of cookie which store the token for remember me authentication
|
* @param rememberMeCookieName the name of cookie which store the token for remember
|
||||||
|
* me authentication
|
||||||
* @return the {@link RememberMeConfigurer} for further customization
|
* @return the {@link RememberMeConfigurer} for further customization
|
||||||
* @since 4.0.1
|
* @since 4.0.1
|
||||||
*/
|
*/
|
||||||
@ -197,7 +200,8 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
/**
|
/**
|
||||||
* The domain name within which the remember me cookie is visible.
|
* The domain name within which the remember me cookie is visible.
|
||||||
*
|
*
|
||||||
* @param rememberMeCookieDomain the domain name within which the remember me cookie is visible.
|
* @param rememberMeCookieDomain the domain name within which the remember me cookie
|
||||||
|
* is visible.
|
||||||
* @return the {@link RememberMeConfigurer} for further customization
|
* @return the {@link RememberMeConfigurer} for further customization
|
||||||
* @since 4.1.0
|
* @since 4.1.0
|
||||||
*/
|
*/
|
||||||
@ -244,8 +248,8 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
RememberMeServices rememberMeServices = getRememberMeServices(http, key);
|
RememberMeServices rememberMeServices = getRememberMeServices(http, key);
|
||||||
http.setSharedObject(RememberMeServices.class, rememberMeServices);
|
http.setSharedObject(RememberMeServices.class, rememberMeServices);
|
||||||
LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
|
LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
|
||||||
if (logoutConfigurer != null && logoutHandler != null) {
|
if (logoutConfigurer != null && this.logoutHandler != null) {
|
||||||
logoutConfigurer.addLogoutHandler(logoutHandler);
|
logoutConfigurer.addLogoutHandler(this.logoutHandler);
|
||||||
}
|
}
|
||||||
|
|
||||||
RememberMeAuthenticationProvider authenticationProvider = new RememberMeAuthenticationProvider(
|
RememberMeAuthenticationProvider authenticationProvider = new RememberMeAuthenticationProvider(
|
||||||
@ -259,10 +263,11 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
@Override
|
@Override
|
||||||
public void configure(H http) throws Exception {
|
public void configure(H http) throws Exception {
|
||||||
RememberMeAuthenticationFilter rememberMeFilter = new RememberMeAuthenticationFilter(
|
RememberMeAuthenticationFilter rememberMeFilter = new RememberMeAuthenticationFilter(
|
||||||
http.getSharedObject(AuthenticationManager.class), rememberMeServices);
|
http.getSharedObject(AuthenticationManager.class),
|
||||||
if (authenticationSuccessHandler != null) {
|
this.rememberMeServices);
|
||||||
|
if (this.authenticationSuccessHandler != null) {
|
||||||
rememberMeFilter
|
rememberMeFilter
|
||||||
.setAuthenticationSuccessHandler(authenticationSuccessHandler);
|
.setAuthenticationSuccessHandler(this.authenticationSuccessHandler);
|
||||||
}
|
}
|
||||||
rememberMeFilter = postProcess(rememberMeFilter);
|
rememberMeFilter = postProcess(rememberMeFilter);
|
||||||
http.addFilter(rememberMeFilter);
|
http.addFilter(rememberMeFilter);
|
||||||
@ -273,7 +278,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
* @return the HTTP parameter used to indicate to remember the user
|
* @return the HTTP parameter used to indicate to remember the user
|
||||||
*/
|
*/
|
||||||
private String getRememberMeParameter() {
|
private String getRememberMeParameter() {
|
||||||
return rememberMeParameter;
|
return this.rememberMeParameter;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -297,29 +302,34 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
* @return the {@link RememberMeServices} to use
|
* @return the {@link RememberMeServices} to use
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
private RememberMeServices getRememberMeServices(H http, String key) throws Exception {
|
private RememberMeServices getRememberMeServices(H http, String key)
|
||||||
if (rememberMeServices != null) {
|
throws Exception {
|
||||||
if (rememberMeServices instanceof LogoutHandler && logoutHandler == null) {
|
if (this.rememberMeServices != null) {
|
||||||
this.logoutHandler = (LogoutHandler) rememberMeServices;
|
if (this.rememberMeServices instanceof LogoutHandler
|
||||||
|
&& this.logoutHandler == null) {
|
||||||
|
this.logoutHandler = (LogoutHandler) this.rememberMeServices;
|
||||||
}
|
}
|
||||||
return rememberMeServices;
|
return this.rememberMeServices;
|
||||||
}
|
}
|
||||||
AbstractRememberMeServices tokenRememberMeServices = createRememberMeServices(
|
AbstractRememberMeServices tokenRememberMeServices = createRememberMeServices(
|
||||||
http, key);
|
http, key);
|
||||||
tokenRememberMeServices.setParameter(rememberMeParameter);
|
tokenRememberMeServices.setParameter(this.rememberMeParameter);
|
||||||
tokenRememberMeServices.setCookieName(rememberMeCookieName);
|
tokenRememberMeServices.setCookieName(this.rememberMeCookieName);
|
||||||
if (rememberMeCookieDomain != null) {
|
if (this.rememberMeCookieDomain != null) {
|
||||||
tokenRememberMeServices.setCookieDomain(rememberMeCookieDomain);
|
tokenRememberMeServices.setCookieDomain(this.rememberMeCookieDomain);
|
||||||
}
|
}
|
||||||
if (tokenValiditySeconds != null) {
|
if (this.tokenValiditySeconds != null) {
|
||||||
tokenRememberMeServices.setTokenValiditySeconds(tokenValiditySeconds);
|
tokenRememberMeServices.setTokenValiditySeconds(this.tokenValiditySeconds);
|
||||||
}
|
}
|
||||||
if (useSecureCookie != null) {
|
if (this.useSecureCookie != null) {
|
||||||
tokenRememberMeServices.setUseSecureCookie(useSecureCookie);
|
tokenRememberMeServices.setUseSecureCookie(this.useSecureCookie);
|
||||||
|
}
|
||||||
|
if (this.alwaysRemember != null) {
|
||||||
|
tokenRememberMeServices.setAlwaysRemember(this.alwaysRemember);
|
||||||
}
|
}
|
||||||
tokenRememberMeServices.afterPropertiesSet();
|
tokenRememberMeServices.afterPropertiesSet();
|
||||||
logoutHandler = tokenRememberMeServices;
|
this.logoutHandler = tokenRememberMeServices;
|
||||||
rememberMeServices = tokenRememberMeServices;
|
this.rememberMeServices = tokenRememberMeServices;
|
||||||
return tokenRememberMeServices;
|
return tokenRememberMeServices;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -335,7 +345,8 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
*/
|
*/
|
||||||
private AbstractRememberMeServices createRememberMeServices(H http, String key)
|
private AbstractRememberMeServices createRememberMeServices(H http, String key)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
return tokenRepository == null ? createTokenBasedRememberMeServices(http, key)
|
return this.tokenRepository == null
|
||||||
|
? createTokenBasedRememberMeServices(http, key)
|
||||||
: createPersistentRememberMeServices(http, key);
|
: createPersistentRememberMeServices(http, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -363,7 +374,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
String key) {
|
String key) {
|
||||||
UserDetailsService userDetailsService = getUserDetailsService(http);
|
UserDetailsService userDetailsService = getUserDetailsService(http);
|
||||||
return new PersistentTokenBasedRememberMeServices(key, userDetailsService,
|
return new PersistentTokenBasedRememberMeServices(key, userDetailsService,
|
||||||
tokenRepository);
|
this.tokenRepository);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -375,16 +386,15 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
* @return the {@link UserDetailsService} to use
|
* @return the {@link UserDetailsService} to use
|
||||||
*/
|
*/
|
||||||
private UserDetailsService getUserDetailsService(H http) {
|
private UserDetailsService getUserDetailsService(H http) {
|
||||||
if (userDetailsService == null) {
|
if (this.userDetailsService == null) {
|
||||||
userDetailsService = http.getSharedObject(UserDetailsService.class);
|
this.userDetailsService = http.getSharedObject(UserDetailsService.class);
|
||||||
}
|
}
|
||||||
if (userDetailsService == null) {
|
if (this.userDetailsService == null) {
|
||||||
throw new IllegalStateException(
|
throw new IllegalStateException("userDetailsService cannot be null. Invoke "
|
||||||
"userDetailsService cannot be null. Invoke "
|
|
||||||
+ RememberMeConfigurer.class.getSimpleName()
|
+ RememberMeConfigurer.class.getSimpleName()
|
||||||
+ "#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches.");
|
+ "#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches.");
|
||||||
}
|
}
|
||||||
return userDetailsService;
|
return this.userDetailsService;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -394,9 +404,9 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||||||
* @return the remember me key to use
|
* @return the remember me key to use
|
||||||
*/
|
*/
|
||||||
private String getKey() {
|
private String getKey() {
|
||||||
if (key == null) {
|
if (this.key == null) {
|
||||||
key = UUID.randomUUID().toString();
|
this.key = UUID.randomUUID().toString();
|
||||||
}
|
}
|
||||||
return key;
|
return this.key;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user