SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.

Luke Taylor 2008-12-16 23:25:44 +00:00
parent 7fa9a959b5
commit c2e688610c
1 changed files with 21 additions and 6 deletions


@ -107,19 +107,16 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
logger.debug("Remember-me cookie accepted"); logger.debug("Remember-me cookie accepted");
RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, user, user.getAuthorities()); return createSuccessfulAuthentication(request, user);
auth.setDetails(authenticationDetailsSource.buildDetails(request));
return auth;
} }
/** /**
* Locates the Spring Security remember me cookie in the request. * Locates the Spring Security remember me cookie in the request and returns its value.
* *
* @param request the submitted request which is to be authenticated * @param request the submitted request which is to be authenticated
* @return the cookie value (if present), null otherwise. * @return the cookie value (if present), null otherwise.
*/ */
private String extractRememberMeCookie(HttpServletRequest request) { protected String extractRememberMeCookie(HttpServletRequest request) {
Cookie[] cookies = request.getCookies(); Cookie[] cookies = request.getCookies();
if ((cookies == null) || (cookies.length == 0)) { if ((cookies == null) || (cookies.length == 0)) {
@ -135,6 +132,24 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
return null; return null;
} }
/**
* Creates the final <tt>Authentication</tt> object returned from the <tt>autoLogin</tt> method.
* <p>
* By default it will create a <tt>RememberMeAuthenticationToken</tt> instance.
*
* @param request the original request. The configured <tt>AuthenticationDetailsSource</tt> will
* use this to build the details property of the returned object.
* @param user the <tt>UserDetails</tt> loaded from the <tt>UserDetailsService</tt>. This will be
* stored as the principal.
*
* @return the <tt>Authentication</tt> for the remember-me authenticated user
*/
protected Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) {
RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, user, user.getAuthorities());
auth.setDetails(authenticationDetailsSource.buildDetails(request));
return auth;
}
/** /**
* Decodes the cookie and splits it into a set of token strings using the ":" delimiter. * Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
* *
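Review bot: The Javadoc on the new `createSuccessfulAuthentication` hook (the added block in the second hunk) does not tell overriders what the returned object must preserve, even though this is where a remember-me login becomes an `Authentication`. The default builds a `RememberMeAuthenticationToken` from `key`, which is presumably what the downstream provider and any remember-me-versus-full-login checks rely on, so an override returning a different token type could make a cookie-based login indistinguishable from an interactive one. I would add to the Javadoc: `Overriding implementations should return a token that is still identifiable as remember-me authentication and carries the configured key, so it is not treated as a full interactive login.` Likewise, now that `extractRememberMeCookie` is `protected`, its Javadoc could state that the returned value is unvalidated client input and is only meant to be passed on to the token checks. The enclosing class and the method after the hunk continue outside the visible lines.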