authorGravatar Alexander Alexeev2016-11-28 13:39:04 +0700
committerGravatar Alexander Alexeev2016-11-28 13:39:04 +0700
commitbc23d2d2125d2086847397e85335f29a70668f6b (patch)
tree8c4f0ce7a91763eec65ce36559b7a6c388d9c68d /juick-server/src/main/java/com/juick/service/security
parent47a285e60b0780c7d81e4e1b77736f69e0aaf761 (diff)
remember-me authorization with test; a standard DaoAuthentication provider used
Diffstat (limited to 'juick-server/src/main/java/com/juick/service/security')
-rw-r--r--juick-server/src/main/java/com/juick/service/security/JuickUserDetailsService.java34
-rw-r--r--juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java89
2 files changed, 123 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/service/security/JuickUserDetailsService.java b/juick-server/src/main/java/com/juick/service/security/JuickUserDetailsService.java
new file mode 100644
index 00000000..d1fd9345
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/service/security/JuickUserDetailsService.java
@@ -0,0 +1,34 @@
+package com.juick.service.security;
+
+import com.juick.server.security.entities.JuickUser;
+import com.juick.service.UserService;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.util.Assert;
+
+/**
+ * Created by aalexeev on 11/28/16.
+ */
+public class JuickUserDetailsService implements UserDetailsService {
+ private final UserService userService;
+
+ public JuickUserDetailsService(final UserService userService) {
+ Assert.notNull(userService);
+ this.userService = userService;
+ }
+
+ @Override
+ public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
+ if (StringUtils.isBlank(username))
+ throw new UsernameNotFoundException("Invalid user name " + username);
+
+ com.juick.User user = userService.getFullyUserByName(username);
+
+ if (user != null)
+ return new JuickUser(user);
+
+ throw new UsernameNotFoundException("The username " + username + " is not found");
+ }
+}
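Review bot: The Javadoc on JuickUserDetailsService records only the author and date, so nothing states the contract that `loadUserByUsername` either returns a `JuickUser` or throws `UsernameNotFoundException` and never returns null. I would replace it with something like `/** Adapts UserService to Spring Security's UserDetailsService; throws UsernameNotFoundException for a blank or unknown name. */`. Both exception messages also embed the caller-supplied `username`, which is unauthenticated input at this point, so any code that logs or displays these messages should treat it as untrusted.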
diff --git a/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java b/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java
new file mode 100644
index 00000000..d5d54005
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java
@@ -0,0 +1,89 @@
+package com.juick.service.security;
+
+import com.juick.User;
+import com.juick.server.security.entities.JuickUser;
+import com.juick.service.UserService;
+import com.juick.util.UserUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.core.env.Environment;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
+import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
+import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
+import org.springframework.util.Assert;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Optional;
+
+/**
+ * Created by aalexeev on 11/28/16.
+ */
+public class SimpleRememberMeServices extends AbstractRememberMeServices implements RememberMeServices {
+ private final UserService userService;
+
+ public SimpleRememberMeServices(
+ final String key, final UserDetailsService userDetailsService, final UserService userService, final Environment environment) {
+ super(key, userDetailsService);
+
+ Assert.notNull(userService);
+ Assert.notNull(environment);
+
+ this.userService = userService;
+
+ setCookieName(environment.getProperty("auth_cookie_name", "hash"));
+ setCookieDomain(environment.getProperty("web_domain", "juick.com"));
+ }
+
+ @Override
+ public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
+ super.logout(request, response, authentication);
+ userService.deleteLoginForUser(authentication.getName());
+ }
+
+ @Override
+ protected void onLoginSuccess(
+ HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
+ String username = successfulAuthentication.getName();
+
+ logger.debug("Creating new persistent login for user " + username);
+
+ try {
+ int uid = userService.getUIDbyName(username);
+
+ Assert.isTrue(uid > 0);
+
+ String hash = UserUtils.generateHash(16);
+
+ userService.setLoginForUser(uid, hash);
+
+ setCookie(new String[]{hash}, getTokenValiditySeconds(), request, response);
+ } catch (Exception e) {
+ logger.error("Failed to save cookies ", e);
+ }
+ }
+
+ @Override
+ protected UserDetails processAutoLoginCookie(
+ String[] cookieTokens, HttpServletRequest request, HttpServletResponse response)
+ throws RememberMeAuthenticationException, UsernameNotFoundException {
+ String hash = cookieTokens[0];
+
+ if (StringUtils.isBlank(hash))
+ throw new InvalidCookieException("Cookie is invalid, cookies " + cookieTokens);
+
+ int uid = userService.getUIDbyHash(cookieTokens[0]);
+ if (uid <= 0)
+ throw new UsernameNotFoundException("User not found bash hash, cookies" + cookieTokens);
+
+ Optional<User> userOptional = userService.getUserByUID(uid);
+
+ Assert.isTrue(userOptional.isPresent());
+
+ return new JuickUser(userOptional.get());
+ }
+}
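Review bot: In processAutoLoginCookie, two failure paths escape the remember-me exception types the method declares: `cookieTokens[0]` is read without a length check, and `Assert.isTrue(userOptional.isPresent())` throws IllegalArgumentException when the uid has no user, so a malformed or stale cookie would likely surface as a server error instead of being rejected as an invalid cookie. The two messages also concatenate the `String[]` itself, which prints only an array identity; since the token is a bearer credential it is better left out of the message altogether. Separately, `logout` dereferences `authentication` unconditionally, and Spring can invoke logout handlers with a null authentication, so guard it with `if (authentication != null) userService.deleteLoginForUser(authentication.getName());`. Whether `UserUtils.generateHash(16)` draws from a cryptographically secure source is not visible in this diff and is worth confirming, because the value is the only secret protecting the persistent login. The fence shows the processAutoLoginCookie body with the failure paths mapped to InvalidCookieException and UsernameNotFoundException.

```java
protected UserDetails processAutoLoginCookie(
        String[] cookieTokens, HttpServletRequest request, HttpServletResponse response)
        throws RememberMeAuthenticationException, UsernameNotFoundException {
    // Reject an empty token array before indexing; never echo the token in the message.
    if (cookieTokens.length == 0 || StringUtils.isBlank(cookieTokens[0]))
        throw new InvalidCookieException("Remember-me cookie is malformed");

    int uid = userService.getUIDbyHash(cookieTokens[0]);
    if (uid <= 0)
        throw new UsernameNotFoundException("No user found for remember-me cookie");

    // A uid without a user record is reported as "not found" so the caller can cancel the cookie.
    return userService.getUserByUID(uid)
            .map(JuickUser::new)
            .orElseThrow(() -> new UsernameNotFoundException("No user found for uid " + uid));
}
```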