org.broadleafcommerce.common.security
Class EnhancedTokenBasedRememberMeServices

java.lang.Object
  extended by org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
      extended by org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
          extended by org.broadleafcommerce.common.security.EnhancedTokenBasedRememberMeServices
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, org.springframework.security.web.authentication.logout.LogoutHandler, org.springframework.security.web.authentication.RememberMeServices

public class EnhancedTokenBasedRememberMeServices
extends org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

This class adds features to the token-based remember-me services provided by Spring Security. Specifically, it lets the remember-me cookies generated by Broadleaf Commerce carry the httpOnly attribute. Because the default implementation in Spring Security does not provide this, setCookie is overridden here to use Broadleaf's CookieUtils, which includes the httpOnly value. Note: this class does not add httpOnly protection for session cookies. Adding httpOnly for session cookies is handled at the application container configuration level, if supported.

Author:
jfischer
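
The override technique described above, as an added example that is not Broadleaf's own code: a hypothetical subclass, HttpOnlyRememberMeServices, writes the Set-Cookie header itself so that HttpOnly can be appended. It assumes the Spring Security and javax.servlet APIs named on this page are on the classpath, and it does not use CookieUtils, whose API is not shown here.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

// Hypothetical class name, for illustration only; not part of Broadleaf Commerce.
public class HttpOnlyRememberMeServices extends TokenBasedRememberMeServices {

    public HttpOnlyRememberMeServices(String key, UserDetailsService userDetailsService) {
        super(key, userDetailsService);
    }

    @Override
    protected void setCookie(String[] tokens, int maxAge,
                             HttpServletRequest request, HttpServletResponse response) {
        // Scope the cookie to the web application, falling back to the root path.
        String path = request.getContextPath();
        if (path == null || path.isEmpty()) {
            path = "/";
        }

        // encodeCookie() and getCookieName() are inherited from AbstractRememberMeServices.
        StringBuilder header = new StringBuilder();
        header.append(getCookieName()).append('=').append(encodeCookie(tokens));
        header.append("; Path=").append(path);
        header.append("; Max-Age=").append(maxAge);

        // Simplification: Secure follows the request scheme; the value passed to
        // setUseSecureCookie is not consulted in this sketch.
        if (request.isSecure()) {
            header.append("; Secure");
        }

        // The attribute this page is about: the cookie is withheld from
        // client-side script (document.cookie), limiting token theft via XSS.
        header.append("; HttpOnly");

        // Written as a raw header so the attribute can be set even where the
        // servlet API's Cookie class has no httpOnly property.
        response.addHeader("Set-Cookie", header.toString());
    }
}
```

To check the result, log in with remember-me selected and confirm the Set-Cookie response header for the remember-me cookie ends with HttpOnly. The session cookie is unaffected, as noted above.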

Field Summary
protected  CookieUtils cookieUtils
           
 
Fields inherited from class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
DEFAULT_PARAMETER, logger, messages, SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, TWO_WEEKS_S
 
Constructor Summary
EnhancedTokenBasedRememberMeServices()
          Deprecated. 
EnhancedTokenBasedRememberMeServices(String key, org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
           
 
Method Summary
protected  void setCookie(String[] tokens, int maxAge, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
 
Methods inherited from class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
calculateLoginLifetime, isTokenExpired, makeTokenSignature, onLoginSuccess, processAutoLoginCookie, retrievePassword, retrieveUserName
 
Methods inherited from class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
afterPropertiesSet, autoLogin, cancelCookie, createSuccessfulAuthentication, decodeCookie, encodeCookie, extractRememberMeCookie, getAuthenticationDetailsSource, getCookieName, getKey, getParameter, getTokenValiditySeconds, getUserDetailsService, loginFail, loginSuccess, logout, onLoginFail, rememberMeRequested, setAlwaysRemember, setAuthenticationDetailsSource, setAuthoritiesMapper, setCookieName, setKey, setParameter, setTokenValiditySeconds, setUserDetailsChecker, setUserDetailsService, setUseSecureCookie
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

cookieUtils

protected CookieUtils cookieUtils

Constructor Detail

EnhancedTokenBasedRememberMeServices

@Deprecated
public EnhancedTokenBasedRememberMeServices()
Deprecated. 


EnhancedTokenBasedRememberMeServices

public EnhancedTokenBasedRememberMeServices(String key,
                                            org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Method Detail

setCookie

protected void setCookie(String[] tokens,
                         int maxAge,
                         javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response)
Overrides:
setCookie in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices


Copyright © 2013. All Rights Reserved.