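package com.juick.service.security;

import com.juick.User;
import com.juick.server.security.entities.JuickUser;
import com.juick.service.UserService;
import com.juick.util.UserUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.env.Environment;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
import org.springframework.util.Assert;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Optional;

/**
 * Remember-me implementation that keeps one opaque token per user.
 *
 * <p>On a successful login a fresh token is generated, handed to
 * {@link UserService#setLoginForUser} and sent to the browser as the only
 * cookie token. On auto-login the cookie value is resolved back to a user id
 * through {@link UserService#getUIDbyHash}.
 *
 * <p>Security notes for maintainers: the cookie value is a bearer credential.
 * {@link #processAutoLoginCookie} does not replace it after use and there is
 * no series/theft detection, so a copied cookie stays usable until the stored
 * login is deleted ({@link #logout} does this). Whether the server side ever
 * expires a stored token is not visible in this class.
 *
 * <p>Created by aalexeev on 11/28/16.
 */
public class SimpleRememberMeServices extends AbstractRememberMeServices implements RememberMeServices {
    private static final Logger logger = LoggerFactory.getLogger(SimpleRememberMeServices.class);

    private final UserService userService;

    /**
     * Creates the service and configures the cookie from the environment.
     *
     * @param key         key passed to {@link AbstractRememberMeServices}
     * @param userService storage for the per-user login token; must not be null
     * @param environment source of {@code auth_cookie_name} (default {@code hash}) and
     *                    {@code web_domain} (default {@code juick.com}); must not be null
     * @throws IllegalArgumentException if {@code userService} or {@code environment} is null
     */
    public SimpleRememberMeServices(
            final String key, final UserService userService, final Environment environment) {
        // User lookup is done in processAutoLoginCookie, so the superclass gets a stand-in service.
        super(key, new NullUserDetailsService());

        Assert.notNull(userService, "userService must not be null");
        Assert.notNull(environment, "environment must not be null");

        this.userService = userService;

        setCookieName(environment.getProperty("auth_cookie_name", "hash"));
        setCookieDomain(environment.getProperty("web_domain", "juick.com"));
        // NOTE(review): setUseSecureCookie is not called here, so the Secure flag follows
        // request.isSecure(). Behind a TLS-terminating proxy that may leave the token cookie
        // without Secure - confirm the deployment or set it explicitly.
    }

    /**
     * Clears the remember-me cookie and deletes the stored login of the user logging out.
     *
     * @param authentication the current authentication; may be null when the logout
     *                       endpoint is hit without a session, in which case only the
     *                       cookie is cleared
     */
    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        super.logout(request, response, authentication);

        // Without an authentication there is no user whose stored token could be removed;
        // dereferencing it would turn an anonymous logout request into a NullPointerException.
        if (authentication != null) {
            userService.deleteLoginForUser(authentication.getName());
        }
    }

    /**
     * Issues a new login token for the authenticated user and sets it as the cookie.
     *
     * <p>Failures are logged and swallowed on purpose: the interactive login has already
     * succeeded and only the remember-me cookie is lost.
     */
    @Override
    protected void onLoginSuccess(
            HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
        String username = successfulAuthentication.getName();

        logger.debug("Creating new persistent login for user {}", username);

        try {
            int uid = userService.getUIDbyName(username);
            Assert.isTrue(uid > 0, "No uid found for authenticated user");

            // NOTE(review): this value is the whole credential. UserUtils.generateHash is not
            // visible here - confirm it draws from SecureRandom and that 16 characters carry
            // enough entropy. Presumably setLoginForUser stores it as-is; keeping only a digest
            // server-side would limit the damage of a leaked table - verify against UserService.
            String hash = UserUtils.generateHash(16);
            userService.setLoginForUser(uid, hash);

            setCookie(new String[]{hash}, getTokenValiditySeconds(), request, response);
        } catch (Exception e) {
            logger.error("Failed to save cookies", e);
        }
    }

    /**
     * Resolves the remember-me cookie to a user.
     *
     * @param cookieTokens decoded cookie tokens; only the first one is used
     * @return the user the token belongs to
     * @throws InvalidCookieException    if the cookie carries no usable token
     * @throws UsernameNotFoundException if the token maps to no user id, or the id has no user record
     */
    @Override
    protected UserDetails processAutoLoginCookie(
            String[] cookieTokens, HttpServletRequest request, HttpServletResponse response)
            throws RememberMeAuthenticationException, UsernameNotFoundException {
        // Check the array before indexing it. The messages deliberately leave the token out:
        // it is a credential and exception text ends up in logs.
        if (cookieTokens == null || cookieTokens.length == 0 || StringUtils.isBlank(cookieTokens[0])) {
            throw new InvalidCookieException("Remember-me cookie carries no token");
        }
        String hash = cookieTokens[0];

        int uid = userService.getUIDbyHash(hash);
        if (uid <= 0) {
            throw new UsernameNotFoundException("No user found for the presented remember-me token");
        }

        // presumably getUserByUID returns Optional<User>; the type argument is missing in the
        // listing - verify against UserService.
        Optional<User> userOptional = userService.getUserByUID(uid);
        if (!userOptional.isPresent()) {
            // A declared exception type lets the auto-login path treat this as a failed
            // remember-me attempt; an IllegalArgumentException from an assertion would escape
            // as a server error instead.
            throw new UsernameNotFoundException("Remember-me token maps to uid " + uid + " which has no user record");
        }

        return new JuickUser(userOptional.get());
    }
}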