author | Alexander Alexeev | 2016-11-28 13:39:04 +0700 |
---|---|---|
committer | Alexander Alexeev | 2016-11-28 13:39:04 +0700 |
commit | bc23d2d2125d2086847397e85335f29a70668f6b (patch) | |
tree | 8c4f0ce7a91763eec65ce36559b7a6c388d9c68d /juick-server/src/main/java/com/juick/service/security | |
parent | 47a285e60b0780c7d81e4e1b77736f69e0aaf761 (diff) |
remember-me authorization with test; a standard DaoAuthentication provider used
Diffstat (limited to 'juick-server/src/main/java/com/juick/service/security')
-rw-r--r-- | juick-server/src/main/java/com/juick/service/security/JuickUserDetailsService.java | 34 | ||||
-rw-r--r-- | juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java | 89 |
2 files changed, 123 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/service/security/JuickUserDetailsService.java b/juick-server/src/main/java/com/juick/service/security/JuickUserDetailsService.java
new file mode 100644
index 00000000..d1fd9345
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/service/security/JuickUserDetailsService.java
@@ -0,0 +1,34 @@
+package com.juick.service.security;
+
+import com.juick.server.security.entities.JuickUser;
+import com.juick.service.UserService;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.util.Assert;
+
+/**
+ * Created by aalexeev on 11/28/16.
+ */
+public class JuickUserDetailsService implements UserDetailsService {
+ private final UserService userService;
+
+ public JuickUserDetailsService(final UserService userService) {
+ Assert.notNull(userService);
+ this.userService = userService;
+ }
+
+ @Override
+ public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
+ if (StringUtils.isBlank(username))
+ throw new UsernameNotFoundException("Invalid user name " + username);
+
+ com.juick.User user = userService.getFullyUserByName(username);
+
+ if (user != null)
+ return new JuickUser(user);
+
+ throw new UsernameNotFoundException("The username " + username + " is not found");
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java b/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java
new file mode 100644
index 00000000..d5d54005
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java
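Review bot: Both `UsernameNotFoundException` messages in `loadUserByUsername` embed the caller-supplied `username` verbatim. That value comes straight from the login request, so if the message is ever logged or shown to the client (for example with the provider's hide-user-not-found behaviour switched off), it permits forged log lines and confirms which account names exist. A fixed message such as `throw new UsernameNotFoundException("User not found");` avoids both; if the name is needed for diagnostics, log it separately with CR/LF stripped. The class Javadoc is only a creation stamp, so a one-line summary such as `/** Loads Juick users by name for Spring Security's DaoAuthenticationProvider. */` would help the next reader.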
@@ -0,0 +1,89 @@
+package com.juick.service.security;
+
+import com.juick.User;
+import com.juick.server.security.entities.JuickUser;
+import com.juick.service.UserService;
+import com.juick.util.UserUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.core.env.Environment;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
+import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
+import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
+import org.springframework.util.Assert;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Optional;
+
+/**
+ * Created by aalexeev on 11/28/16.
+ */
+public class SimpleRememberMeServices extends AbstractRememberMeServices implements RememberMeServices {
+ private final UserService userService;
+
+ public SimpleRememberMeServices(
+ final String key, final UserDetailsService userDetailsService, final UserService userService, final Environment environment) {
+ super(key, userDetailsService);
+
+ Assert.notNull(userService);
+ Assert.notNull(environment);
+
+ this.userService = userService;
+
+ setCookieName(environment.getProperty("auth_cookie_name", "hash"));
+ setCookieDomain(environment.getProperty("web_domain", "juick.com"));
+ }
+
+ @Override
+ public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
+ super.logout(request, response, authentication);
+ userService.deleteLoginForUser(authentication.getName());
+ }
+
+ @Override
+ protected void onLoginSuccess(
+ HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
+ String username = successfulAuthentication.getName();
+
+ logger.debug("Creating new persistent login for user " + username);
+
+ try {
+ int uid = userService.getUIDbyName(username);
+
+ Assert.isTrue(uid > 0);
+
+ String hash = UserUtils.generateHash(16);
+
+ userService.setLoginForUser(uid, hash);
+
+ setCookie(new String[]{hash}, getTokenValiditySeconds(), request, response);
+ } catch (Exception e) {
+ logger.error("Failed to save cookies ", e);
+ }
+ }
+
+ @Override
+ protected UserDetails processAutoLoginCookie(
+ String[] cookieTokens, HttpServletRequest request, HttpServletResponse response)
+ throws RememberMeAuthenticationException, UsernameNotFoundException {
+ String hash = cookieTokens[0];
+
+ if (StringUtils.isBlank(hash))
+ throw new InvalidCookieException("Cookie is invalid, cookies " + cookieTokens);
+
+ int uid = userService.getUIDbyHash(cookieTokens[0]);
+ if (uid <= 0)
+ throw new UsernameNotFoundException("User not found bash hash, cookies" + cookieTokens);
+
+ Optional<User> userOptional = userService.getUserByUID(uid);
+
+ Assert.isTrue(userOptional.isPresent());
+
+ return new JuickUser(userOptional.get());
+ }
+} |
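Review bot: `processAutoLoginCookie` can fail with exceptions that `AbstractRememberMeServices` does not appear to handle: `cookieTokens[0]` is read with no length check and `Assert.isTrue(userOptional.isPresent())` throws `IllegalArgumentException`, so, as far as I can tell, a stale or malformed cookie surfaces as a server error instead of being cancelled. The two messages concatenate the `String[]` itself, which prints only the array identity; printing its contents would put a live login token in the logs, so the messages are better left without it. The fence below maps those paths to `InvalidCookieException` and `UsernameNotFoundException`, accepting exactly the single token that `onLoginSuccess` writes. `logout` has a similar gap: `authentication.getName()` is called unguarded although logout handlers may be invoked with no authentication, so use `if (authentication != null) userService.deleteLoginForUser(authentication.getName());`. It is also worth confirming that `UserUtils.generateHash` draws from `SecureRandom`, since that value is the only secret in the cookie.

```java
    @Override
    protected UserDetails processAutoLoginCookie(
            String[] cookieTokens, HttpServletRequest request, HttpServletResponse response)
            throws RememberMeAuthenticationException, UsernameNotFoundException {
        // Fail with exception types the remember-me base class handles,
        // and keep the token value out of every message.
        if (cookieTokens.length != 1 || StringUtils.isBlank(cookieTokens[0]))
            throw new InvalidCookieException("Remember-me cookie is malformed");

        int uid = userService.getUIDbyHash(cookieTokens[0]);
        if (uid <= 0)
            throw new UsernameNotFoundException("No user found for remember-me token");

        return userService.getUserByUID(uid)
                .map(JuickUser::new)
                .orElseThrow(() -> new UsernameNotFoundException("No user found for remember-me token"));
    }
```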