From 1ba9ca32e4f3f093b1e95d6944ee0f32e7632460 Mon Sep 17 00:00:00 2001 From: _Bastler Date: Mon, 4 Oct 2021 10:35:35 +0200 Subject: [PATCH] rememberme --- pom.xml | 2 +- .../security/LocalRememberMeServices.java | 49 +++++++++++++++++++ .../OAuth2AuthenticationSuccessHandler.java | 11 +++++ .../bstly/board/security/SecurityConfig.java | 3 +- 4 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 src/main/java/de/bstly/board/security/LocalRememberMeServices.java diff --git a/pom.xml b/pom.xml index 70f4f20..4edc28a 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ UTF-8 11 - 0.2.2-SNAPSHOT + 0.3.0-SNAPSHOT diff --git a/src/main/java/de/bstly/board/security/LocalRememberMeServices.java b/src/main/java/de/bstly/board/security/LocalRememberMeServices.java new file mode 100644 index 0000000..f444314 --- /dev/null +++ b/src/main/java/de/bstly/board/security/LocalRememberMeServices.java @@ -0,0 +1,49 @@ +/** + * + */ +package de.bstly.board.security; + +import javax.servlet.http.HttpServletRequest; + +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices; +import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository; + +/** + * + * @author _bastler@bstly.de + * + */ +public class LocalRememberMeServices extends PersistentTokenBasedRememberMeServices { + + /** + * @param key + * @param userDetailsService + * @param tokenRepository + */ + public LocalRememberMeServices(String key, UserDetailsService userDetailsService, + PersistentTokenRepository tokenRepository) { + super(key, userDetailsService, tokenRepository); + } + + /* + * + * @see org.springframework.security.web.authentication.rememberme. + * AbstractRememberMeServices#rememberMeRequested(javax.servlet.http. + * HttpServletRequest, java.lang.String) + */ + @Override + protected boolean rememberMeRequested(HttpServletRequest request, String parameter) { + Object value = request.getAttribute(parameter); + if (value != null) { + String paramValue = value.toString(); + if (paramValue.equalsIgnoreCase("true") || paramValue.equalsIgnoreCase("on") + || paramValue.equalsIgnoreCase("yes") || paramValue.equals("1")) { + return true; + } + } + + return super.rememberMeRequested(request, parameter); + } + +} diff --git a/src/main/java/de/bstly/board/security/OAuth2AuthenticationSuccessHandler.java b/src/main/java/de/bstly/board/security/OAuth2AuthenticationSuccessHandler.java index 4dcfb4e..c6c2e9b 100644 --- a/src/main/java/de/bstly/board/security/OAuth2AuthenticationSuccessHandler.java +++ b/src/main/java/de/bstly/board/security/OAuth2AuthenticationSuccessHandler.java @@ -14,6 +14,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; +import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.stereotype.Component; @@ -30,6 +31,7 @@ public class OAuth2AuthenticationSuccessHandler @Autowired private UserManager localUserManager; + private RememberMeServices rememberMeServices; @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, @@ -43,8 +45,17 @@ public class OAuth2AuthenticationSuccessHandler SecurityContextHolder.getContext().setAuthentication(newAuthentication); + if (rememberMeServices != null) { + request.setAttribute("remember-me", "true"); + rememberMeServices.loginSuccess(request, response, newAuthentication); + } + handle(request, response, newAuthentication); clearAuthenticationAttributes(request); } + public void setRememberMeServices(RememberMeServices rememberMeServices) { + this.rememberMeServices = rememberMeServices; + } + } diff --git a/src/main/java/de/bstly/board/security/SecurityConfig.java b/src/main/java/de/bstly/board/security/SecurityConfig.java index 47fc380..a84e936 100755 --- a/src/main/java/de/bstly/board/security/SecurityConfig.java +++ b/src/main/java/de/bstly/board/security/SecurityConfig.java @@ -55,6 +55,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { oAuth2AuthenticationSuccessHandler.setDefaultTargetUrl(loginTargetUrl); + oAuth2AuthenticationSuccessHandler.setRememberMeServices(rememberMeServices()); http // crsf @@ -103,7 +104,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean public RememberMeServices rememberMeServices() { - PersistentTokenBasedRememberMeServices rememberMeServices = new PersistentTokenBasedRememberMeServices( + PersistentTokenBasedRememberMeServices rememberMeServices = new LocalRememberMeServices( "remember-me", localUserManager, persistentTokenRepository()); return rememberMeServices; }