From 66d3be7862c8525f6f85e387503c6002a00371ee Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Wed, 5 Apr 2017 18:51:31 +0700 Subject: rememberMe improved: added compatibility with old version --- .../juick/www/configuration/WebSecurityConfig.java | 26 ++++++++++++++++------ 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'juick-www/src/main/java/com') diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 3c674d0c..d3aa9e81 100644 --- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -8,12 +8,13 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.authentication.RememberMeServices; +import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.annotation.Resource; @@ -66,11 +67,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .failureUrl("/login?error=1") .and() .rememberMe() - .tokenValiditySeconds(6 * 30 * 24 * 3600) - .alwaysRemember(true) - //.useSecureCookie(true) // TODO Enable if https is supports .rememberMeCookieDomain(webDomain).key(rememberMeKey) - .userDetailsService(userDetailsServiceBean()) + .rememberMeServices(rememberMeServices()) .and() .csrf().disable() .authenticationProvider(authenticationProvider()) @@ -87,8 +85,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { } @Bean - public HashParamAuthenticationFilter hashParamAuthenticationFilter() { - return new HashParamAuthenticationFilter(userService); + public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception { + return new HashParamAuthenticationFilter(userService, rememberMeServices()); + } + + @Bean + public RememberMeServices rememberMeServices() throws Exception { + TokenBasedRememberMeServices services = new TokenBasedRememberMeServices( + rememberMeKey, userDetailsServiceBean()); + + services.setCookieName("juick-remember-me"); + services.setCookieDomain(webDomain); + services.setAlwaysRemember(true); + services.setTokenValiditySeconds(6 * 30 * 24 * 3600); + services.setUseSecureCookie(false); // TODO set true if https is supports + + return services; } @Override -- cgit v1.2.3