org.broadleafcommerce.common.security

Class EnhancedTokenBasedRememberMeServices

java.lang.Object

org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

org.broadleafcommerce.common.security.EnhancedTokenBasedRememberMeServices

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.security.web.authentication.logout.LogoutHandler, org.springframework.security.web.authentication.RememberMeServices

public class EnhancedTokenBasedRememberMeServices
extends org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

This class adds additional features to the token based remember me services provided by Spring security. Specifically, we would like to be able to include the httpOnly parameter to cookie values that are generated by Broadleaf Commerce. Since the default implementation provided by Spring Security does not provide this additional functionality, we override here to use the CookieUtils in Broadleaf that will include the httpOnly value. Note - this class does not add httpOnly protection for session cookies. Adding httpOnly for session cookies is handled at the application container configuration level, if supported.

Author:

jfischer

Field Summary

Fields

Modifier and Type	Field and Description
protected CookieUtils	cookieUtils

Fields inherited from class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

DEFAULT_PARAMETER, logger, messages, SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, TWO_WEEKS_S

Constructor Summary

Constructors

Constructor and Description
EnhancedTokenBasedRememberMeServices() Deprecated.
EnhancedTokenBasedRememberMeServices(String key, org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Method Summary

Methods

Modifier and Type	Method and Description
protected void	setCookie(String[] tokens, int maxAge, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

Methods inherited from class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

calculateLoginLifetime, isTokenExpired, makeTokenSignature, onLoginSuccess, processAutoLoginCookie, retrievePassword, retrieveUserName

Methods inherited from class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

afterPropertiesSet, autoLogin, cancelCookie, createSuccessfulAuthentication, decodeCookie, encodeCookie, extractRememberMeCookie, getAuthenticationDetailsSource, getCookieName, getKey, getParameter, getTokenValiditySeconds, getUserDetailsService, loginFail, loginSuccess, logout, onLoginFail, rememberMeRequested, setAlwaysRemember, setAuthenticationDetailsSource, setAuthoritiesMapper, setCookieName, setKey, setParameter, setTokenValiditySeconds, setUserDetailsChecker, setUserDetailsService, setUseSecureCookie

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

cookieUtils

protected CookieUtils cookieUtils

Constructor Detail

EnhancedTokenBasedRememberMeServices

@Deprecated
public EnhancedTokenBasedRememberMeServices()

Deprecated.

EnhancedTokenBasedRememberMeServices

public EnhancedTokenBasedRememberMeServices(String key,
                                    org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Method Detail

setCookie

protected void setCookie(String[] tokens,
             int maxAge,
             javax.servlet.http.HttpServletRequest request,
             javax.servlet.http.HttpServletResponse response)

Overrides:

setCookie in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices