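package com.juick.service.security.deprecated;

import com.juick.User;
import com.juick.service.UserService;
import com.juick.service.security.NullUserDetailsService;
import com.juick.service.security.entities.JuickUser;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
import org.springframework.util.Assert;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Remember-me service that authenticates a request from its {@code hash} request parameter
 * instead of a cookie. The parameter value is passed to {@link UserService#getUserByHash} and
 * the resulting user is wrapped in a {@link JuickUser}.
 *
 * <p>Security note: the {@code hash} value acts as a bearer credential. The original deprecation
 * note only says "for security reasons". NOTE(review): a likely reason is that a credential sent
 * as a request parameter can end up in access logs, browser history and {@code Referer} headers;
 * confirm with the authors. This class never sets or clears a cookie.
 *
 * <p>Created by aalexeev on 11/30/16.
 *
 * @deprecated for security reasons
 */
@Deprecated
public class RequestParamHashRememberMeServices extends AbstractRememberMeServices implements RememberMeServices {

    /** Name of the request parameter that carries the login hash. */
    private static final String PARAM_NAME = "hash";

    private final UserService userService;

    /**
     * Creates the service.
     *
     * @param key         key passed through to {@link AbstractRememberMeServices}
     * @param userService service used to look a user up by hash; must not be {@code null}
     */
    public RequestParamHashRememberMeServices(String key, UserService userService) {
        // The superclass requires a UserDetailsService; users are resolved through
        // UserService here, so a NullUserDetailsService is supplied in its place.
        super(key, new NullUserDetailsService());

        Assert.notNull(userService, "userService must not be null");
        this.userService = userService;

        setAlwaysRemember(false);
    }

    /** Intentionally empty: a successful login does not issue any remember-me token. */
    @Override
    protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
                                  Authentication successfulAuthentication) {
        // do nothing
    }

    /**
     * Always reports that remember-me was not requested.
     *
     * @return {@code false}, unconditionally
     */
    @Override
    protected boolean rememberMeRequested(HttpServletRequest request, String parameter) {
        return false;
    }

    /** Intentionally empty: this service does not manage a cookie, so there is nothing to cancel. */
    @Override
    protected void cancelCookie(HttpServletRequest request, HttpServletResponse response) {
        // do nothing
    }

    /**
     * Returns a constant placeholder instead of a real cookie value.
     *
     * @return a fixed non-blank string; the credential itself is read from the request
     *         parameter in {@link #processAutoLoginCookie}
     */
    @Override
    protected String extractRememberMeCookie(HttpServletRequest request) {
        // Any non-blank value works here; presumably this only keeps the superclass's
        // auto-login flow going (verify against AbstractRememberMeServices).
        return PARAM_NAME;
    }

    /**
     * Resolves the user from the {@code hash} request parameter.
     *
     * @param cookieTokens ignored; the credential comes from the request parameter
     * @param request      request whose {@code hash} parameter is read
     * @param response     unused
     * @return the matching user wrapped in a {@link JuickUser}
     * @throws UsernameNotFoundException if the parameter is blank, the lookup returns
     *                                   {@code null}, or the returned user has a non-positive uid
     */
    @Override
    protected UserDetails processAutoLoginCookie(
            String[] cookieTokens, HttpServletRequest request, HttpServletResponse response)
            throws RememberMeAuthenticationException, UsernameNotFoundException {
        String hash = request.getParameter(PARAM_NAME);

        if (StringUtils.isNotBlank(hash)) {
            User user = userService.getUserByHash(hash);

            // Guard against a null result as well as a non-positive uid, so an unknown hash
            // always ends in UsernameNotFoundException and never a NullPointerException.
            if (user != null && user.getUid() > 0) {
                return new JuickUser(user);
            }
        }

        // The submitted hash is deliberately left out of the message: it is a credential-like,
        // caller-controlled value and exception messages commonly end up in logs.
        throw new UsernameNotFoundException("User not found by hash");
    }
}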