aboutsummaryrefslogtreecommitdiff
path: root/juick-www/src/main/java/com/juick
diff options
context:
space:
mode:
authorGravatar Alexander Alexeev2017-04-05 18:51:31 +0700
committerGravatar Vitaly Takmazov2017-04-05 15:13:40 +0300
commit66d3be7862c8525f6f85e387503c6002a00371ee (patch)
tree9f2e668c7f1771f58676ac82068261f6ca576dd6 /juick-www/src/main/java/com/juick
parenta06c82e4ecfea6452f4d90aa41189f294c434160 (diff)
rememberMe improved: added compatibility with old version
Diffstat (limited to 'juick-www/src/main/java/com/juick')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java26
1 files changed, 19 insertions, 7 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 3c674d0c..d3aa9e81 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -8,12 +8,13 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.annotation.Resource;
@@ -66,11 +67,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.failureUrl("/login?error=1")
.and()
.rememberMe()
- .tokenValiditySeconds(6 * 30 * 24 * 3600)
- .alwaysRemember(true)
- //.useSecureCookie(true) // TODO Enable if https is supports
.rememberMeCookieDomain(webDomain).key(rememberMeKey)
- .userDetailsService(userDetailsServiceBean())
+ .rememberMeServices(rememberMeServices())
.and()
.csrf().disable()
.authenticationProvider(authenticationProvider())
@@ -87,8 +85,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
}
@Bean
- public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
- return new HashParamAuthenticationFilter(userService);
+ public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception {
+ return new HashParamAuthenticationFilter(userService, rememberMeServices());
+ }
+
+ @Bean
+ public RememberMeServices rememberMeServices() throws Exception {
+ TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
+ rememberMeKey, userDetailsServiceBean());
+
+ services.setCookieName("juick-remember-me");
+ services.setCookieDomain(webDomain);
+ services.setAlwaysRemember(true);
+ services.setTokenValiditySeconds(6 * 30 * 24 * 3600);
+ services.setUseSecureCookie(false); // TODO set true if https is supports
+
+ return services;
}
@Override