|
@@ -109,6 +109,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
|
|
|
|
|
/**
|
|
/**
|
|
* Locates the Spring Security remember me cookie in the request and returns its value.
|
|
* Locates the Spring Security remember me cookie in the request and returns its value.
|
|
|
|
+ * The cookie is searched for by name and also by matching the context path to the cookie path.
|
|
*
|
|
*
|
|
* @param request the submitted request which is to be authenticated
|
|
* @param request the submitted request which is to be authenticated
|
|
* @return the cookie value (if present), null otherwise.
|
|
* @return the cookie value (if present), null otherwise.
|
|
@@ -120,8 +121,10 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
|
return null;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+ String requiredPath = getCookiePath(request);
|
|
|
|
+
|
|
for (int i = 0; i < cookies.length; i++) {
|
|
for (int i = 0; i < cookies.length; i++) {
|
|
- if (cookieName.equals(cookies[i].getName())) {
|
|
|
|
|
|
+ if (cookieName.equals(cookies[i].getName()) && requiredPath.equals(cookies[i].getPath())) {
|
|
return cookies[i].getValue();
|
|
return cookies[i].getValue();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
@@ -129,6 +132,11 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
|
return null;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+ private String getCookiePath(HttpServletRequest request) {
|
|
|
|
+ String contextPath = request.getContextPath();
|
|
|
|
+ return contextPath.length() > 0 ? contextPath : "/";
|
|
|
|
+ }
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* Creates the final <tt>Authentication</tt> object returned from the <tt>autoLogin</tt> method.
|
|
* Creates the final <tt>Authentication</tt> object returned from the <tt>autoLogin</tt> method.
|
|
* <p>
|
|
* <p>
|
|
@@ -295,7 +303,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
|
logger.debug("Cancelling cookie");
|
|
logger.debug("Cancelling cookie");
|
|
Cookie cookie = new Cookie(cookieName, null);
|
|
Cookie cookie = new Cookie(cookieName, null);
|
|
cookie.setMaxAge(0);
|
|
cookie.setMaxAge(0);
|
|
- cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");
|
|
|
|
|
|
+ cookie.setPath(getCookiePath(request));
|
|
|
|
|
|
response.addCookie(cookie);
|
|
response.addCookie(cookie);
|
|
}
|
|
}
|
|
@@ -312,7 +320,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
|
String cookieValue = encodeCookie(tokens);
|
|
String cookieValue = encodeCookie(tokens);
|
|
Cookie cookie = new Cookie(cookieName, cookieValue);
|
|
Cookie cookie = new Cookie(cookieName, cookieValue);
|
|
cookie.setMaxAge(maxAge);
|
|
cookie.setMaxAge(maxAge);
|
|
- cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");
|
|
|
|
|
|
+ cookie.setPath(getCookiePath(request));
|
|
cookie.setSecure(useSecureCookie);
|
|
cookie.setSecure(useSecureCookie);
|
|
response.addCookie(cookie);
|
|
response.addCookie(cookie);
|
|
}
|
|
}
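Review bot: The new condition in the cookie-lookup loop, `requiredPath.equals(cookies[i].getPath())`, is likely to reject every remember-me cookie sent by an ordinary browser. The `Cookie` request header carries only name=value pairs, so servlet containers generally return null from `getPath()` on request cookies. With this check the lookup would fall through to `return null` and auto-login would silently stop working, while giving no real protection, since path scoping is applied by the browser when it chooses which cookies to send. Either drop the path comparison or tolerate an absent path, e.g. `String path = cookies[i].getPath();` followed by `if (cookieName.equals(cookies[i].getName()) && (path == null || requiredPath.equals(path))) {`, and adjust the added Javadoc sentence to match. The enclosing method begins outside the hunk, so this should be confirmed against a test that sends a cookie without a path attribute.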
|