
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.

Luke Taylor 16 سال پیش
والد
کامیت
c2e688610c
1فایلهای تغییر یافته به همراه21 افزوده شده و 6 حذف شده
  1. 21 6
      core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java

+ 21 - 6
core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java

@@ -107,19 +107,16 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
         logger.debug("Remember-me cookie accepted");
 
-        RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, user, user.getAuthorities());
-        auth.setDetails(authenticationDetailsSource.buildDetails(request));
-
-        return auth;
+        return createSuccessfulAuthentication(request, user);
     }
 
     /**
-     * Locates the Spring Security remember me cookie in the request.
+     * Locates the Spring Security remember me cookie in the request and returns its value.
      *
      * @param request the submitted request which is to be authenticated
      * @return the cookie value (if present), null otherwise.
      */
-    private String extractRememberMeCookie(HttpServletRequest request) {
+    protected String extractRememberMeCookie(HttpServletRequest request) {
         Cookie[] cookies = request.getCookies();
 
         if ((cookies == null) || (cookies.length == 0)) {
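Review bot: Widening `extractRememberMeCookie` from `private` to `protected` makes the source of the remember-me token an extension point, but the Javadoc still only describes the default lookup and gives overriders no contract. The value returned here is client-supplied and has not been validated at this stage, and the only contract visible is `null` when nothing is present. I would add a sentence to the Javadoc such as `Subclasses that override this method must return null when no token is present and must treat the returned value as untrusted input that should not be logged.` The method body continues past the end of this hunk, so the cookie-name matching itself is not visible here.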
@@ -135,6 +132,24 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
         return null;
     }
 
+    /**
+     * Creates the final <tt>Authentication</tt> object returned from the <tt>autoLogin</tt> method.
+     * <p>
+     * By default it will create a <tt>RememberMeAuthenticationToken</tt> instance.
+     *
+     * @param request       the original request. The configured <tt>AuthenticationDetailsSource</tt> will
+     *                      use this to build the details property of the returned object.
+     * @param user          the <tt>UserDetails</tt> loaded from the <tt>UserDetailsService</tt>. This will be
+     *                      stored as the principal.
+     *
+     * @return the <tt>Authentication</tt> for the remember-me authenticated user
+     */
+    protected Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) {
+        RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, user, user.getAuthorities());
+        auth.setDetails(authenticationDetailsSource.buildDetails(request));
+        return auth;
+    }
+
     /**
      * Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
      *
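Review bot: The Javadoc on `createSuccessfulAuthentication` says what the default creates but not what an override has to preserve, even though this method now decides the principal and authorities that `autoLogin` returns. An override that returns a different `Authentication` type, or authorities other than `user.getAuthorities()`, would presumably stop being recognisable as a remember-me login to code that treats remember-me sessions as weaker than a full login. That code is not visible in this hunk. I would add a line such as `Overriding implementations should return a token that remains identifiable as remember-me authentication and must not grant authorities beyond those of the supplied user.` It would also help to state that `user` is expected to be non-null, since the default dereferences it without a check.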