spring-security: remember-me token was not generated properly in hash filter

author: Vitaly Takmazov 2017-12-14 16:09:27 +0300
committer: Vitaly Takmazov 2017-12-14 16:09:46 +0300
commit: f84c1e7eac95ee3187885ddea80a4ff2085c0689 (patch)
tree: 3ce5ebba3980a8fffe155b5f53fc589ddd0721cf /juick-server-web/src
parent: 6593a618e9ba4cbdbe86fcaefab2492917c2276f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/juick-server-web/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java b/juick-server-web/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
index ed24fc00..e8ea0492 100644
--- a/juick-server-web/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
+++ b/juick-server-web/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
@@ -69,8 +69,9 @@ public class HashParamAuthenticationFilter extends OncePerRequestFilter {
             User user = userService.getUserByHash(hash);
 
             if (!user.isAnonymous()) {
+                User userWithPassword = userService.getFullyUserByName(user.getName());
                 Authentication authentication = new RememberMeAuthenticationToken(
-                        ((AbstractRememberMeServices)rememberMeServices).getKey(), new JuickUser(user), JuickUser.USER_AUTHORITY);
+                        ((AbstractRememberMeServices)rememberMeServices).getKey(), new JuickUser(userWithPassword), JuickUser.USER_AUTHORITY);
 
                 SecurityContextHolder.getContext().setAuthentication(authentication);
author	Vitaly Takmazov	2017-12-14 16:09:27 +0300
committer	Vitaly Takmazov	2017-12-14 16:09:46 +0300
commit	f84c1e7eac95ee3187885ddea80a4ff2085c0689 (patch)
tree	3ce5ebba3980a8fffe155b5f53fc589ddd0721cf /juick-server-web/src
parent	6593a618e9ba4cbdbe86fcaefab2492917c2276f (diff)