- {
- "username": "testuser",
- "password": "testpass"
- }
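/**
 * Spring Security configuration that swaps the stock form-login filter for
 * {@link CustomAuthenticationFilter} and enables persistent-token remember-me.
 *
 * <p>A filter added with {@code addFilterBefore} is not touched by
 * {@code http.rememberMe()}: unless a {@code RememberMeServices} is set on it explicitly it keeps
 * the no-op default and no remember-me cookie is ever issued on login. This class therefore shares
 * one {@link PersistentTokenBasedRememberMeServices} bean between the custom filter and the
 * remember-me configurer.
 */
@Configuration
@EnableWebSecurity
public class MyApplicationSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Key shared by the remember-me services and the remember-me configurer; both must use the same
     * value or tokens created by one are rejected by the other.
     * NOTE(review): the literal is kept from the original listing; prefer an application-specific
     * value loaded from configuration over a guessable constant.
     */
    private static final String REMEMBER_ME_KEY = "remember-me";

    [...]

    // UserService extends UserDetailsService; UserServiceImpl overrides loadUserByUsername.
    @Autowired
    private UserService userService;

    @Autowired
    PersistentTokenRepository tokenRepository;

    /**
     * Builds the login filter bound to {@code POST /login}.
     *
     * @return the filter, wired to the authentication manager and the shared remember-me services
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    CustomAuthenticationFilter authenticationFilter() throws Exception {
        CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter();
        customAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
        customAuthenticationFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
        // Without this the filter never issues (or clears) a remember-me cookie on login.
        customAuthenticationFilter.setRememberMeServices(getPersistentTokenBasedRememberMeServices());
        return customAuthenticationFilter;
    }

    /**
     * Creates the DAO-backed provider that checks credentials against {@code userService}.
     *
     * @return provider using the configured password encoder
     */
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userService);
        // passwordEncoder is declared in a part of the class elided from this listing.
        authProvider.setPasswordEncoder(passwordEncoder);
        return authProvider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * Registers the custom login filter and configures exception handling, remember-me and logout.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        http.exceptionHandling()
                .authenticationEntryPoint(entryPoint)
                .and()
            .[...]
                .and()
            .rememberMe()
                // Use the same services instance (and key) as the custom filter, so the cookie
                // written at login is the one the remember-me filter later validates. Parameter
                // name, token repository and validity are set on that bean, because the
                // configurer ignores its own settings once services are supplied.
                .key(REMEMBER_ME_KEY)
                .rememberMeServices(getPersistentTokenBasedRememberMeServices())
                .and()
            .logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
        [...]
    }

    /**
     * Creates the persistent-token remember-me services shared by the login filter and the
     * remember-me configurer.
     *
     * <p>The services read the opt-in flag with {@code request.getParameter("remember-me")}; if the
     * login is sent as a JSON body, the flag has to be supplied as a request parameter as well —
     * confirm against {@code obtainLoginData}, which is not shown here.
     *
     * @return services backed by {@code tokenRepository}, valid for 86400 seconds (one day)
     */
    @Bean
    public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() {
        PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
                REMEMBER_ME_KEY, userService, tokenRepository);
        tokenBasedservice.setParameter("remember-me");
        tokenBasedservice.setTokenValiditySeconds(86400);
        // NOTE(review): when the site is served over HTTPS only, also call
        // setUseSecureCookie(true) so the long-lived cookie is never sent over plain HTTP.
        return tokenBasedservice;
    }

    @Bean
    public AuthenticationTrustResolver getAuthenticationTrustResolver() {
        return new AuthenticationTrustResolverImpl();
    }
}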
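/**
 * Login filter that reads the credentials through {@code obtainLoginData} instead of the stock
 * form parameters, and answers a successful login with HTTP 200 rather than a redirect.
 */
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    // Local flag; it is independent of the parent's own postOnly setting.
    private boolean postOnly = true;

    /**
     * Extracts username and password from the request and hands them to the authentication manager.
     *
     * @param request  the login request
     * @param response the response (unused here)
     * @return the authenticated token returned by the authentication manager
     * @throws AuthenticationException if the method is not POST or the credentials are rejected
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        if (this.postOnly && !"POST".equals(request.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }

        // NOTE(review): obtainLoginData is elided in this listing; if it can return null for an
        // unreadable body, the next line fails with a NullPointerException instead of an
        // authentication error — confirm and guard there.
        LoginRequestForm requestForm = obtainLoginData(request);
        String username = requestForm.getUsername();
        String password = requestForm.getPassword();

        if (username == null) {
            username = "";
        }
        if (password == null) {
            password = "";
        }
        username = username.trim();

        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
        this.setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    private LoginRequestForm obtainLoginData(HttpServletRequest request) {
        [...]
    }

    /**
     * Stores the authentication in the security context, lets the remember-me services issue their
     * cookie, publishes the success event and replies with HTTP 200. The filter chain is not
     * continued and no success handler is invoked.
     *
     * @param authResult the authentication produced by {@link #attemptAuthentication}
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
        }

        SecurityContextHolder.getContext().setAuthentication(authResult);

        // This call is what writes the remember-me cookie. It only has an effect when a real
        // RememberMeServices has been set on this filter; the default implementation does nothing.
        getRememberMeServices().loginSuccess(request, response, authResult);

        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
        }

        if (authResult != null) {
            response.setStatus(HttpServletResponse.SC_OK);
        }
        clearAuthenticationAttributes(request);
    }

    /**
     * Drops the last authentication exception from the session, if a session exists. No session is
     * created by this call.
     */
    protected final void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute("SPRING_SECURITY_LAST_EXCEPTION");
        }
    }
}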
/**
 * JPA row backing one persistent remember-me token (table {@code PERSISTENT_LOGINS}).
 *
 * <p>The table holds live login credentials: read access to it should be restricted like access
 * to a password store.
 */
@Entity
@Table(name = "PERSISTENT_LOGINS")
@Setter
@Getter
public class PersistentLogin implements Serializable {

    // Series identifier; primary key of the row.
    @Id
    private String series;

    // NOTE(review): unique = true allows only one remember-me row per user, so a second
    // browser or device cannot hold its own token — confirm this is intended.
    @Column(nullable = false, unique = true)
    private String username;

    // Current token value for the series, stored as received.
    @Column(nullable = false, unique = true)
    private String tokenValue;

    // Time the token was last created or refreshed.
    @Temporal(TemporalType.TIMESTAMP)
    private Date lastUsed;
}
/**
 * Spring Data repository for {@link PersistentLogin} rows, keyed by series.
 */
@Repository
public interface RememberMeTokenRepository extends JpaRepository<PersistentLogin, String> {

    /** Looks up the row for a series; the result may be {@code null} when none exists. */
    PersistentLogin findBySeries(String series);

    /**
     * Looks up the row for a user; the result may be {@code null} when none exists.
     * The single-result return type relies on the username column being unique.
     */
    PersistentLogin findByUsername(String username);
}
/**
 * Application-level name for the {@link PersistentTokenRepository} contract; adds no methods.
 */
public interface RememberMeTokenService extends PersistentTokenRepository {}
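/**
 * JPA-backed {@link PersistentTokenRepository} that stores remember-me tokens as
 * {@link PersistentLogin} rows.
 *
 * <p>The series values passed to {@link #updateToken} and {@link #getTokenForSeries} originate
 * from the client's remember-me cookie, so they may name a row that does not exist. Both methods
 * handle that case instead of failing with a {@code NullPointerException}.
 */
@Service
public class RememberMeTokenServiceImpl implements RememberMeTokenService {

    static final Logger logger = LoggerFactory.getLogger(RememberMeTokenServiceImpl.class);

    @Autowired
    RememberMeTokenRepository rememberMeTokenRepository;

    /**
     * Persists a freshly issued token.
     *
     * @param token the token created at login
     */
    @Override
    public void createNewToken(PersistentRememberMeToken token) {
        logger.info("Creating Token for user : {}", token.getUsername());
        // NOTE(review): PersistentLogin declares username as unique, so saving a second token
        // for a user who still has a row is rejected by the database — confirm that
        // one token per user is the intended model.
        PersistentLogin persistentLogin = new PersistentLogin();
        persistentLogin.setUsername(token.getUsername());
        persistentLogin.setSeries(token.getSeries());
        persistentLogin.setTokenValue(token.getTokenValue());
        persistentLogin.setLastUsed(token.getDate());
        rememberMeTokenRepository.save(persistentLogin);
    }

    /**
     * Replaces the token value and timestamp of an existing series. Does nothing when the series
     * is unknown.
     *
     * @param series     series identifier
     * @param tokenValue new token value
     * @param lastUsed   time of the refresh
     */
    @Override
    public void updateToken(String series, String tokenValue, Date lastUsed) {
        // NOTE(review): the series is half of the cookie credential and is client-supplied;
        // consider logging it at debug level only.
        logger.info("Updating Token for seriesId : {}", series);
        PersistentLogin persistentLogin = rememberMeTokenRepository.findBySeries(series);
        if (persistentLogin == null) {
            // Row already removed (e.g. by logout): nothing to update.
            return;
        }
        persistentLogin.setTokenValue(tokenValue);
        persistentLogin.setLastUsed(lastUsed);
        rememberMeTokenRepository.save(persistentLogin);
    }

    /**
     * Loads the stored token for a series.
     *
     * @param seriesId series identifier taken from the remember-me cookie
     * @return the stored token, or {@code null} when no row exists for the series, as the
     *         {@link PersistentTokenRepository} contract requires
     */
    @Override
    public PersistentRememberMeToken getTokenForSeries(String seriesId) {
        logger.info("Fetch Token if any for seriesId : {}", seriesId);
        PersistentLogin persistentLogin = rememberMeTokenRepository.findBySeries(seriesId);
        if (persistentLogin == null) {
            // Stale or made-up cookie: report "no token" so the caller rejects the cookie cleanly.
            return null;
        }
        return new PersistentRememberMeToken(
                persistentLogin.getUsername(),
                persistentLogin.getSeries(),
                persistentLogin.getTokenValue(),
                persistentLogin.getLastUsed());
    }

    /**
     * Deletes the stored token of a user, if there is one.
     *
     * @param username the user whose token is removed
     */
    @Override
    public void removeUserTokens(String username) {
        logger.info("Removing Token if any for user : {}", username);
        PersistentLogin persistentLogin = rememberMeTokenRepository.findByUsername(username);
        if (persistentLogin != null) {
            rememberMeTokenRepository.delete(persistentLogin);
        }
    }
}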
- set-cookie JSESSIONID=97C818776FE579C801621404827F1143; Path=/; HttpOnly
- Cookie Idea-226...=532d...
- 2017-08-24 13:34:27.237 INFO 5371 --- [io-8080-exec-10] p.r.s.impl.RememberMeTokenServiceImpl : Removing Token if any for user : testuser
- Hibernate: select persistent0_.series as series1_6_, persistent0_.last_used as last_use2_6_, persistent0_.token_value as token_va3_6_, persistent0_.username as username4_6_ from persistent_logins persistent0_ where persistent0_.username=?
- Set-Cookie remember-me=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/