1   package org.springframework.security.oauth.consumer.rememberme;
2   
3   import java.util.HashMap;
4   import java.util.Map;
5   
6   import javax.servlet.http.HttpServletRequest;
7   import javax.servlet.http.HttpServletResponse;
8   import javax.servlet.http.HttpSession;
9   
10  import org.springframework.security.oauth.consumer.OAuthConsumerToken;
11  
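/**
 * Default implementation of the OAuth remember-me services. Stores every token in the HTTP session by default.
 * Storing access tokens can be suppressed (see {@link #setStoreAccessTokens(boolean)}) to reduce the long-term
 * exposure of these tokens in the underlying HTTP session.
 * <p>
 * Security note: the token objects themselves are placed in the session, so anything that can read the session
 * (session persistence, replication, heap dumps) can read them. Deployments that do not need access tokens to
 * survive between requests should set {@code storeAccessTokens} to {@code false}.
 * <p>
 * The flag is a plain field with no synchronization; it is expected to be set once during configuration.
 * 
 * @author Ryan Heaton
 * @author Alex Rau
 */
public class HttpSessionOAuthRememberMeServices implements OAuthRememberMeServices {

	/** Session attribute name under which the remembered tokens map is stored. */
	public static final String REMEMBERED_TOKENS_KEY = HttpSessionOAuthRememberMeServices.class.getName()
			+ "#REMEMBERED_TOKENS";

	// When false, access tokens are filtered out before the map is written to the session.
	private boolean storeAccessTokens = true;

	/**
	 * Loads the tokens previously stored in the current HTTP session.
	 * 
	 * @param request the current request; its session is looked up but never created
	 * @param response the current response (unused)
	 * @return the map stored under {@link #REMEMBERED_TOKENS_KEY}, or {@code null} if there is no session or
	 *         nothing has been stored yet
	 */
	@SuppressWarnings("unchecked")
	public Map<String, OAuthConsumerToken> loadRememberedTokens(HttpServletRequest request, HttpServletResponse response) {

		// getSession(false): never create a session just to look for tokens.
		HttpSession session = request.getSession(false);

		if (session != null) {
			// Unchecked cast: the attribute is only ever written by rememberTokens() in this class.
			return (Map<String, OAuthConsumerToken>) session.getAttribute(REMEMBERED_TOKENS_KEY);
		}

		return null;
	}

	/**
	 * Stores the given tokens in the current HTTP session, replacing whatever was stored before. Request tokens
	 * are always stored; access tokens are stored only while {@code storeAccessTokens} is {@code true}.
	 * <p>
	 * Does nothing when the request has no session; a session is never created here.
	 * 
	 * @param tokens the tokens to remember, keyed as supplied by the caller
	 * @param request the current request
	 * @param response the current response (unused)
	 */
	public void rememberTokens(Map<String, OAuthConsumerToken> tokens, HttpServletRequest request,
			HttpServletResponse response) {

		HttpSession session = request.getSession(false);

		if (session == null) {
			return;
		}

		// Copy into a fresh map so later changes to the caller's map do not leak into the session.
		Map<String, OAuthConsumerToken> tokensToStore = new HashMap<String, OAuthConsumerToken>();

		for (Map.Entry<String, OAuthConsumerToken> token : tokens.entrySet()) {
			OAuthConsumerToken value = token.getValue();
			if (value == null) {
				// Nothing to remember for this key; skipping avoids a NullPointerException below.
				continue;
			}
			// Fixed: the original used '&&' here, which dropped every access token while the flag was true
			// and dropped everything (request tokens included) once the flag was false.
			if (storeAccessTokens || !value.isAccessToken()) {
				tokensToStore.put(token.getKey(), value);
			}
		}

		session.setAttribute(REMEMBERED_TOKENS_KEY, tokensToStore);
	}

	/**
	 * Controls whether access tokens are kept in the HTTP session.
	 * 
	 * @param storeAccessTokens {@code true} (the default) to store all tokens; {@code false} to store request
	 *        tokens only
	 */
	public void setStoreAccessTokens(boolean storeAccessTokens) {
		this.storeAccessTokens = storeAccessTokens;
	}
}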