
Untitled

a guest
Aug 24th, 2017
  1. {
  2. "username": "testuser",
  3. "password": "testpass"
  4. }
  5.  
  /**
   * Spring Security configuration: registers a custom login filter in front of
   * the stock username/password filter, authenticates through a
   * {@link DaoAuthenticationProvider}, and enables persistent remember-me and logout.
   *
   * <p>Parts of this class are elided in the listing ({@code [...]}); the elisions are
   * kept in place. {@code passwordEncoder}, {@code entryPoint} and
   * {@code logoutSuccessHandler} are used below but not declared in the visible part,
   * presumably in an elided section.
   */
  @Configuration
  @EnableWebSecurity
  public class MyApplicationSecurityConfig extends WebSecurityConfigurerAdapter {

      [...]

      // UserService extends UserDetailsService; UserServiceImpl overrides loadUserByUsername.
      @Autowired
      private UserService userService;

      // Backing store for persistent remember-me tokens.
      @Autowired
      PersistentTokenRepository tokenRepository;

      /**
       * Builds the login filter, bound to {@code POST /login} and to this
       * configuration's authentication manager.
       *
       * <p>NOTE(review): nothing visible here calls {@code setRememberMeServices} on the
       * filter, so it keeps whatever default its superclass provides. Confirm whether
       * the {@code rememberMe()} settings in {@code configure(HttpSecurity)} are meant
       * to apply to logins handled by this filter; if so, the services need to be set
       * on it explicitly.
       */
      @Bean
      CustomAuthenticationFilter authenticationFilter() throws Exception {
          CustomAuthenticationFilter loginFilter = new CustomAuthenticationFilter();
          loginFilter.setAuthenticationManager(authenticationManagerBean());
          loginFilter.setRequiresAuthenticationRequestMatcher(
                  new AntPathRequestMatcher("/login", "POST"));
          return loginFilter;
      }

      /**
       * Provider that loads users through {@code userService} and checks passwords
       * with {@code passwordEncoder}.
       */
      @Bean
      public DaoAuthenticationProvider authenticationProvider() {
          DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
          daoProvider.setUserDetailsService(userService);
          daoProvider.setPasswordEncoder(passwordEncoder);
          return daoProvider;
      }

      /** Registers the DAO provider as the authentication mechanism. */
      @Override
      protected void configure(AuthenticationManagerBuilder auth) throws Exception {
          auth.authenticationProvider(authenticationProvider());
      }

      /**
       * Wires the custom login filter, the authentication entry point, remember-me
       * (parameter and token store as given, validity 86400 seconds = 24 hours) and logout.
       */
      @Override
      protected void configure(HttpSecurity http) throws Exception {

          // The custom filter runs ahead of the stock form-login filter.
          http.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class);
          http.exceptionHandling()
                  .authenticationEntryPoint(entryPoint)
                  .and()
                  .[...]
                  .and()
                  .rememberMe()
                  .rememberMeParameter("remember-me")
                  .tokenRepository(tokenRepository)
                  .tokenValiditySeconds(86400)
                  .and()
                  .logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);

          [...]

      }

      /**
       * Exposes a persistent-token remember-me service backed by {@code userService}
       * and {@code tokenRepository}.
       *
       * <p>NOTE(review): the key is the fixed literal {@code "remember-me"}, and no
       * visible code hands this bean to {@code rememberMe()} or to the login filter.
       * Confirm where it is consumed, and consider sourcing the key from configuration
       * rather than a constant in code.
       */
      @Bean
      public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() {
          return new PersistentTokenBasedRememberMeServices("remember-me", userService, tokenRepository);
      }

      /** Supplies the default trust resolver implementation. */
      @Bean
      public AuthenticationTrustResolver getAuthenticationTrustResolver() {
          return new AuthenticationTrustResolverImpl();
      }
  }
  73.  
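  /**
   * Login filter that reads the credentials from a {@code LoginRequestForm} built
   * by {@link #obtainLoginData(HttpServletRequest)} instead of from form parameters,
   * and answers a successful login with a bare {@code 200 OK}.
   */
  public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

      // Declared on this class, so it is separate from any field of the same name in
      // the superclass and is never changed by the visible code.
      private boolean postOnly = true;

      /**
       * Extracts username and password from the request and delegates to the
       * authentication manager.
       *
       * @param request  the login request
       * @param response the response (not used here)
       * @return the authenticated token returned by the authentication manager
       * @throws AuthenticationException if the method is not POST or authentication fails
       */
      @Override
      public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
              throws AuthenticationException {
          // Constant-first comparison: no NullPointerException if getMethod() returns null.
          if (this.postOnly && !"POST".equals(request.getMethod())) {
              throw new AuthenticationServiceException(
                      "Authentication method not supported: " + request.getMethod());
          }

          LoginRequestForm requestForm = obtainLoginData(request);
          // obtainLoginData is elided in the listing; if it can return null (for example
          // on an unreadable body), treat that as empty credentials so the attempt fails
          // as an ordinary authentication failure instead of a NullPointerException.
          String username = requestForm == null ? null : requestForm.getUsername();
          String password = requestForm == null ? null : requestForm.getPassword();
          if (username == null) {
              username = "";
          }
          if (password == null) {
              password = "";
          }

          username = username.trim();
          UsernamePasswordAuthenticationToken authRequest =
                  new UsernamePasswordAuthenticationToken(username, password);
          this.setDetails(request, authRequest);
          return this.getAuthenticationManager().authenticate(authRequest);
      }

      // Body elided in the original listing.
      private LoginRequestForm obtainLoginData(HttpServletRequest request) {
          [...]
      }

      /**
       * Stores the authentication in the security context, notifies the remember-me
       * services, publishes the success event and sets status 200. The filter chain
       * is not continued and no success handler is invoked.
       */
      @Override
      protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
              FilterChain chain, Authentication authResult) throws IOException, ServletException {
          if (this.logger.isDebugEnabled()) {
              this.logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
          }

          SecurityContextHolder.getContext().setAuthentication(authResult);
          // This call used to be commented out as a direct field access. Going through the
          // accessor lets the remember-me services issue their cookie on login; it only has
          // an effect if a RememberMeServices was set on this filter via setRememberMeServices.
          getRememberMeServices().loginSuccess(request, response, authResult);
          if (this.eventPublisher != null) {
              this.eventPublisher.publishEvent(
                      new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
          }
          if (authResult != null) {
              response.setStatus(HttpServletResponse.SC_OK);
          }
          clearAuthenticationAttributes(request);
      }

      /**
       * Removes the last authentication exception from the session, if a session
       * exists; never creates a session.
       */
      protected final void clearAuthenticationAttributes(HttpServletRequest request) {
          HttpSession session = request.getSession(false);
          if (session != null) {
              session.removeAttribute("SPRING_SECURITY_LAST_EXCEPTION");
          }
      }
  }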
  130.  
  /**
   * JPA entity for one persistent remember-me login, stored in table
   * {@code PERSISTENT_LOGINS}. Accessors are generated by the {@code @Getter} /
   * {@code @Setter} annotations.
   *
   * <p>NOTE(review): {@code username} is mapped as unique. If the schema enforces
   * this mapping, each user can have at most one row, so only one remembered login
   * per account can exist at a time; confirm that this is intended.
   */
  @Getter
  @Setter
  @Entity
  @Table(name = "PERSISTENT_LOGINS")
  public class PersistentLogin implements Serializable {

      // Primary key: the series identifier of the remember-me token.
      @Id
      private String series;

      // Owner of the token; required and unique.
      @Column(nullable = false, unique = true)
      private String username;

      // Current token value for the series; required and unique.
      @Column(nullable = false, unique = true)
      private String tokenValue;

      // Time the token was last used, stored as a timestamp.
      @Temporal(TemporalType.TIMESTAMP)
      private Date lastUsed;
  }
  149.  
  /**
   * Spring Data repository for {@link PersistentLogin} rows, keyed by the series
   * identifier.
   */
  @Repository
  public interface RememberMeTokenRepository extends JpaRepository<PersistentLogin, String> {

      /** Looks up the stored login for the given series identifier. */
      PersistentLogin findBySeries(String series);

      /** Looks up the stored login for the given username. */
      PersistentLogin findByUsername(String username);
  }
  156.  
  /**
   * Application-level name for the remember-me token store; adds nothing to
   * {@link PersistentTokenRepository}.
   */
  public interface RememberMeTokenService extends PersistentTokenRepository {}
  159.  
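  /**
   * {@link PersistentTokenRepository} implementation that stores remember-me tokens
   * as {@link PersistentLogin} rows through {@link RememberMeTokenRepository}.
   *
   * <p>NOTE(review): the series identifier is logged at INFO in two methods below.
   * It is one of the values making up a persistent remember-me token, and in
   * {@code getTokenForSeries} it comes from the caller's request; consider lowering
   * the level or omitting the value, and check that the log layout neutralises line
   * breaks in logged values.
   */
  @Service
  public class RememberMeTokenServiceImpl implements RememberMeTokenService {

      static final Logger logger = LoggerFactory.getLogger(RememberMeTokenServiceImpl.class);

      @Autowired
      RememberMeTokenRepository rememberMeTokenRepository;

      /**
       * Persists a newly issued token.
       *
       * @param token the token to store; its username, series, value and date are copied
       */
      @Override
      public void createNewToken(PersistentRememberMeToken token) {
          logger.info("Creating Token for user : {}", token.getUsername());
          PersistentLogin persistentLogin = new PersistentLogin();
          persistentLogin.setUsername(token.getUsername());
          persistentLogin.setSeries(token.getSeries());
          persistentLogin.setTokenValue(token.getTokenValue());
          persistentLogin.setLastUsed(token.getDate());
          rememberMeTokenRepository.save(persistentLogin);
      }

      /**
       * Replaces the token value and last-used time of an existing series. Does
       * nothing if the series is not stored.
       *
       * @param series     the series identifier to update
       * @param tokenValue the new token value
       * @param lastUsed   the new last-used time
       */
      @Override
      public void updateToken(String series, String tokenValue, Date lastUsed) {
          logger.info("Updating Token for seriesId : {}", series);
          PersistentLogin persistentLogin = rememberMeTokenRepository.findBySeries(series);
          if (persistentLogin == null) {
              // The row may already have been removed (for example by a logout);
              // previously this case ended in a NullPointerException.
              logger.warn("No persistent login found to update");
              return;
          }
          // The row was found by this series, so the key itself is left untouched.
          persistentLogin.setTokenValue(tokenValue);
          persistentLogin.setLastUsed(lastUsed);
          rememberMeTokenRepository.save(persistentLogin);
      }

      /**
       * Loads the stored token for a series.
       *
       * @param seriesId the series identifier taken from the remember-me cookie
       * @return the stored token, or {@code null} if the series is unknown
       */
      @Override
      public PersistentRememberMeToken getTokenForSeries(String seriesId) {
          logger.info("Fetch Token if any for seriesId : {}", seriesId);
          PersistentLogin persistentLogin = rememberMeTokenRepository.findBySeries(seriesId);
          if (persistentLogin == null) {
              // An unknown or stale series is reported to the caller as "no token"
              // instead of failing with a NullPointerException.
              return null;
          }
          return new PersistentRememberMeToken(
                  persistentLogin.getUsername(),
                  persistentLogin.getSeries(),
                  persistentLogin.getTokenValue(),
                  persistentLogin.getLastUsed());
      }

      /**
       * Deletes the stored login of a user, if there is one.
       *
       * @param username the user whose token is removed
       */
      @Override
      public void removeUserTokens(String username) {
          logger.info("Removing Token if any for user : {}", username);
          PersistentLogin persistentLogin = rememberMeTokenRepository.findByUsername(username);
          if (persistentLogin != null) {
              rememberMeTokenRepository.delete(persistentLogin);
          }
      }
  }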
  204.  
  205. set-cookie JSESSIONID=97C818776FE579C801621404827F1143; Path=/; HttpOnly
  206.  
  207. Cookie Idea-226...=532d...
  208.  
  209. 2017-08-24 13:34:27.237 INFO 5371 --- [io-8080-exec-10] p.r.s.impl.RememberMeTokenServiceImpl : Removing Token if any for user : testuser
  210. Hibernate: select persistent0_.series as series1_6_, persistent0_.last_used as last_use2_6_, persistent0_.token_value as token_va3_6_, persistent0_.username as username4_6_ from persistent_logins persistent0_ where persistent0_.username=?
  211.  
  212. Set-Cookie remember-me=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/