|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
public abstract class AbstractRememberMeServices
Base class for RememberMeServices implementations.
Field Summary | |
---|---|
static String |
DEFAULT_PARAMETER
|
protected org.apache.commons.logging.Log |
logger
|
protected MessageSourceAccessor |
messages
|
static String |
SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY
|
static int |
TWO_WEEKS_S
|
Constructor Summary | |
---|---|
AbstractRememberMeServices()
|
Method Summary | |
---|---|
void |
afterPropertiesSet()
|
Authentication |
autoLogin(HttpServletRequest request,
HttpServletResponse response)
Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method. |
protected void |
cancelCookie(HttpServletRequest request,
HttpServletResponse response)
Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins. |
protected Authentication |
createSuccessfulAuthentication(HttpServletRequest request,
UserDetails user)
Creates the final Authentication object returned from the autoLogin method. |
protected String[] |
decodeCookie(String cookieValue)
Decodes the cookie and splits it into a set of token strings using the ":" delimiter. |
protected String |
encodeCookie(String[] cookieTokens)
Inverse operation of decodeCookie. |
protected String |
extractRememberMeCookie(HttpServletRequest request)
Locates the Spring Security remember me cookie in the request and returns its value. |
protected AuthenticationDetailsSource |
getAuthenticationDetailsSource()
|
protected String |
getCookieName()
|
String |
getKey()
|
String |
getParameter()
|
protected int |
getTokenValiditySeconds()
|
protected UserDetailsService |
getUserDetailsService()
|
void |
loginFail(HttpServletRequest request,
HttpServletResponse response)
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid. |
void |
loginSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication successfulAuthentication)
Examines the incoming request and checks for the presence of the configured "remember me" parameter. |
void |
logout(HttpServletRequest request,
HttpServletResponse response,
Authentication authentication)
Implementation of LogoutHandler. |
protected void |
onLoginFail(HttpServletRequest request,
HttpServletResponse response)
|
protected abstract void |
onLoginSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication successfulAuthentication)
Called from loginSuccess when a remember-me login has been requested. |
protected abstract UserDetails |
processAutoLoginCookie(String[] cookieTokens,
HttpServletRequest request,
HttpServletResponse response)
Called from autoLogin to process the submitted persistent login cookie. |
protected boolean |
rememberMeRequested(HttpServletRequest request,
String parameter)
Allows customization of whether a remember-me login has been requested. |
void |
setAlwaysRemember(boolean alwaysRemember)
|
void |
setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
|
protected void |
setCookie(String[] tokens,
int maxAge,
HttpServletRequest request,
HttpServletResponse response)
Sets the cookie on the response |
void |
setCookieName(String cookieName)
|
void |
setKey(String key)
|
void |
setParameter(String parameter)
Sets the name of the parameter which should be checked for to see if a remember-me has been requested during a login request. |
void |
setTokenValiditySeconds(int tokenValiditySeconds)
|
void |
setUserDetailsService(UserDetailsService userDetailsService)
|
void |
setUseSecureCookie(boolean useSecureCookie)
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY
public static final String DEFAULT_PARAMETER
public static final int TWO_WEEKS_S
protected final org.apache.commons.logging.Log logger
protected MessageSourceAccessor messages
Constructor Detail |
---|
public AbstractRememberMeServices()
Method Detail |
---|
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface InitializingBean
Exception
public final Authentication autoLogin(HttpServletRequest request, HttpServletResponse response)
The returned username is then used to load the UserDetails object for the user, which in turn is used to create a valid authentication token.
autoLogin
in interface RememberMeServices
request
- to look for a remember-me token withinresponse
- to change, cancel or modify the remember-me token
null
if the request should not be authenticatedprotected String extractRememberMeCookie(HttpServletRequest request)
request
- the submitted request which is to be authenticated
protected Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user)
By default it will create a RememberMeAuthenticationToken instance.
request
- the original request. The configured AuthenticationDetailsSource will
use this to build the details property of the returned object.user
- the UserDetails loaded from the UserDetailsService. This will be
stored as the principal.
protected String[] decodeCookie(String cookieValue) throws InvalidCookieException
cookieValue
- the value obtained from the submitted cookie
InvalidCookieException
- if the cookie was not base64 encoded.protected String encodeCookie(String[] cookieTokens)
cookieTokens
- the tokens to be encoded.
public final void loginFail(HttpServletRequest request, HttpServletResponse response)
RememberMeServices
HttpServletRequest
.
loginFail
in interface RememberMeServices
request
- that contained an invalid authentication requestresponse
- to change, cancel or modify the remember-me tokenprotected void onLoginFail(HttpServletRequest request, HttpServletResponse response)
public final void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication)
loginSuccess
in interface RememberMeServices
request
- that contained the valid authentication requestresponse
- to change, cancel or modify the remember-me tokensuccessfulAuthentication
- representing the successfully authenticated principalprotected abstract void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication)
protected boolean rememberMeRequested(HttpServletRequest request, String parameter)
request
- the request submitted from an interactive login, which may include additional information
indicating that a persistent login is desired.parameter
- the configured remember-me parameter name.
protected abstract UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) throws RememberMeAuthenticationException, UsernameNotFoundException
cookieTokens
- the decoded and tokenized cookie valuerequest
- the requestresponse
- the response, to allow the cookie to be modified if required.
RememberMeAuthenticationException
- if the cookie is invalid or the login is invalid for some
other reason.
UsernameNotFoundException
- if the user account corresponding to the login cookie couldn't be found
(for example if the user has been removed from the system).protected void cancelCookie(HttpServletRequest request, HttpServletResponse response)
request
- response
- protected void setCookie(String[] tokens, int maxAge, HttpServletRequest request, HttpServletResponse response)
tokens
- the tokens which will be encoded to make the cookie value.maxAge
- the value passed to Cookie.setMaxAge(int)
request
- the requestresponse
- the response to add the cookie to.public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
logout
in interface LogoutHandler
request
- the HTTP requestresponse
- the HTTP responseauthentication
- the current principal detailspublic void setCookieName(String cookieName)
protected String getCookieName()
public void setAlwaysRemember(boolean alwaysRemember)
public void setParameter(String parameter)
parameter
- the HTTP request parameterpublic String getParameter()
protected UserDetailsService getUserDetailsService()
public void setUserDetailsService(UserDetailsService userDetailsService)
public void setKey(String key)
public String getKey()
public void setTokenValiditySeconds(int tokenValiditySeconds)
protected int getTokenValiditySeconds()
public void setUseSecureCookie(boolean useSecureCookie)
protected AuthenticationDetailsSource getAuthenticationDetailsSource()
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |