From 66d3be7862c8525f6f85e387503c6002a00371ee Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Wed, 5 Apr 2017 18:51:31 +0700
Subject: rememberMe improved: added compatibility with old version

---
 .../juick/www/configuration/WebSecurityConfig.java | 26 ++++++++++++++++------
 1 file changed, 19 insertions(+), 7 deletions(-)

(limited to 'juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java')

diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 3c674d0c..d3aa9e81 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -8,12 +8,13 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 import javax.annotation.Resource;
@@ -66,11 +67,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .failureUrl("/login?error=1")
                 .and()
                 .rememberMe()
-                .tokenValiditySeconds(6 * 30 * 24 * 3600)
-                .alwaysRemember(true)
-                //.useSecureCookie(true) // TODO Enable if https is supports
                 .rememberMeCookieDomain(webDomain).key(rememberMeKey)
-                .userDetailsService(userDetailsServiceBean())
+                .rememberMeServices(rememberMeServices())
                 .and()
                 .csrf().disable()
                 .authenticationProvider(authenticationProvider())
@@ -87,8 +85,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     }
 
     @Bean
-    public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
-        return new HashParamAuthenticationFilter(userService);
+    public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception {
+        return new HashParamAuthenticationFilter(userService, rememberMeServices());
+    }
+
+    @Bean
+    public RememberMeServices rememberMeServices() throws Exception {
+        TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
+                rememberMeKey, userDetailsServiceBean());
+
+        services.setCookieName("juick-remember-me");
+        services.setCookieDomain(webDomain);
+        services.setAlwaysRemember(true);
+        services.setTokenValiditySeconds(6 * 30 * 24 * 3600);
+        services.setUseSecureCookie(false); // TODO set true if https is supports
+
+        return services;
     }
 
     @Override
-- 
cgit v1.2.3