Examples of PersistentRememberMeToken

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

50
51
52
53
54
55
56
57
58
59
60
    }

    @Test(expected = RememberMeAuthenticationException.class)
    public void loginIsRejectedWhenTokenIsExpired() {
        MockTokenRepository repo =
                new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date()));
        services.setTokenRepository(repo);
        services.setTokenValiditySeconds(1);
        try {
            Thread.sleep(1100);
        } catch (InterruptedException e) {
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

65
66
67
68
69
70
71
72
73
74
                new MockHttpServletResponse());
    }

    @Test(expected = CookieTheftException.class)
    public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() {
        PersistentRememberMeToken token = new PersistentRememberMeToken("joe", "series","wrongtoken", new Date());
        services.setTokenRepository(new MockTokenRepository(token));
        services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(),
                new MockHttpServletResponse());
    }
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

74
75
76
77
78
79
80
81
82
83
84
    }

    @Test
    public void successfulAutoLoginCreatesNewTokenAndCookieWithSameSeries() {
        MockTokenRepository repo =
                new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date()));
        services.setTokenRepository(repo);
        // 12 => b64 length will be 16
        services.setTokenLength(12);
        MockHttpServletResponse response = new MockHttpServletResponse();
        services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(), response);
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

113
114
115
116
117
118
119
120
121
122
123
        Cookie cookie = new Cookie("mycookiename", "somevalue");
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(cookie);
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockTokenRepository repo =
            new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date()));
        services.setTokenRepository(repo);
        services.logout(request, response, new TestingAuthenticationToken("joe","somepass","SOME_AUTH"));
        Cookie returnedCookie = response.getCookie("mycookiename");
        assertNotNull(returnedCookie);
        assertEquals(0, returnedCookie.getMaxAge());
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

136
137
138
139
140
141
142
143
        public void createNewToken(PersistentRememberMeToken token) {
            storedToken = token;
        }

        public void updateToken(String series, String tokenValue, Date lastUsed) {
            storedToken = new PersistentRememberMeToken(storedToken.getUsername(), storedToken.getSeries(),
                    tokenValue, lastUsed);
        }
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
          }

          final String presentedSeries = cookieTokens[0];
          final String presentedToken = cookieTokens[1];

          PersistentRememberMeToken token = tokenRepository.getTokenForSeries(presentedSeries);

          if (token == null) {
              // No series match, so we can't authenticate using this cookie
              throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
          }


          //处理!!远程的cookie的token的value应该是不包含IP信息的,而数据库中保存的token的value是包含IP信息的。
          //在比较之前要进行计算。
          String tokenSignature = makeTokenSignature(presentedToken,request.getRemoteAddr());
          // We have a match for this user/series combination
          if(tokenSignature==null||!tokenSignature.equals(token.getTokenValue())){
//          if (!presentedToken.equals(token.getTokenValue())) {
              // Token doesn't match series value. Delete all logins for this user and throw an exception to warn them.
              tokenRepository.removeUserTokens(token.getUsername());

              throw new CookieTheftException(messages.getMessage("PersistentTokenBasedRememberMeServices.cookieStolen",
                      "Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack."));
          }

          if (token.getDate().getTime() + getTokenValiditySeconds()*1000L < System.currentTimeMillis()) {
              throw new RememberMeAuthenticationException("Remember-me login has expired");
          }

          // Token also matches, so login is valid. Update the token value, keeping the *same* series number.
          if (logger.isDebugEnabled()) {
              logger.debug("Refreshing persistent login token for user '" + token.getUsername() + "', series '" +
                      token.getSeries() + "'");
          }

          HttpSession session = request.getSession();
          if(session!=null){
            session.setAttribute(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY,token.getUsername());
          }
         
          PersistentRememberMeToken newToken = new PersistentRememberMeToken(token.getUsername(),
                  token.getSeries(), generateTokenData(), new Date());

          try {
              tokenRepository.updateToken(newToken.getSeries(), makeTokenSignature(newToken.getTokenValue(),request.getRemoteAddr()), newToken.getDate());
              addCookie(newToken, request, response);
          } catch (DataAccessException e) {
              logger.error("Failed to update token: ", e);
              throw new RememberMeAuthenticationException("Autologin failed due to data access problem");
          }
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

127
128
129
130
131
132
133
134
135
136
137
138
139
      protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
          String username = successfulAuthentication.getName();

          logger.debug("Creating new persistent login for user " + username);

          PersistentRememberMeToken persistentToken = new PersistentRememberMeToken(username, generateSeriesData(),
                  generateTokenData(), new Date());
          PersistentRememberMeToken ipToken = new PersistentRememberMeToken(username, persistentToken.getSeries(),
              makeTokenSignature(persistentToken.getTokenValue(),request.getRemoteAddr()), persistentToken.getDate());
          try {
              tokenRepository.createNewToken(ipToken);
              addCookie(persistentToken, request, response);
          } catch (DataAccessException e) {
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

13
14
15
16
17
18
19
20
21
22
23
    private final Map<String, PersistentRememberMeToken> seriesTokens = new HashMap<String, PersistentRememberMeToken>();

    @Override
    public void createNewToken(PersistentRememberMeToken token) {
        PersistentRememberMeToken current = seriesTokens.get(token.getSeries());

        if (current != null) {
            throw new DataIntegrityViolationException("Series Id '"
                    + token.getSeries() + "' already exists!");
        }
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

25
26
27
28
29
30
31
32
33
34
35
36
37
        seriesTokens.put(token.getSeries(), token);
    }

    @Override
    public void updateToken(String series, String tokenValue, Date lastUsed) {
        PersistentRememberMeToken token = getTokenForSeries(series);

        PersistentRememberMeToken newToken = new PersistentRememberMeToken(
                token.getUsername(), series, tokenValue, new Date());

        seriesTokens.put(series, newToken);

    }
View Full Code Here

Examples of org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

47
48
49
50
51
52
53
54
55
56
57
58
        Iterator<String> series = seriesTokens.keySet().iterator();

        while (series.hasNext()) {
            String seriesId = series.next();

            PersistentRememberMeToken token = seriesTokens.get(seriesId);

            if (username.equals(token.getUsername())) {
                series.remove();
            }
        }
    }
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.