public class TokenBasedRememberMeServices2
extends org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices
TokenBasedRememberMeServices with modification so as not to rely
on the user password being available.
This allows remember-me to work with security realms where the password is never available in clear text.
| Constructor and Description |
|---|
TokenBasedRememberMeServices2() |
| Modifier and Type | Method and Description |
|---|---|
org.acegisecurity.Authentication |
autoLogin(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
void |
loginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.acegisecurity.Authentication successfulAuthentication) |
protected javax.servlet.http.Cookie |
makeCancelCookie(javax.servlet.http.HttpServletRequest request) |
protected String |
makeTokenSignature(long tokenExpiryTime,
org.acegisecurity.userdetails.UserDetails userDetails) |
protected javax.servlet.http.Cookie |
makeValidCookie(String tokenValueBase64,
javax.servlet.http.HttpServletRequest request,
long maxAge) |
protected String |
retrievePassword(org.acegisecurity.Authentication successfulAuthentication) |
void |
setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService userDetailsService)
Decorate
UserDetailsService so that we can use information stored in
LastGrantedAuthoritiesProperty. |
afterPropertiesSet, cancelCookie, getCookieName, getKey, getParameter, getTokenValiditySeconds, getUserDetailsService, isAlwaysRemember, isTokenExpired, isValidUserDetails, loadUserDetails, loginFail, logout, rememberMeRequested, retrieveUserName, setAlwaysRemember, setAuthenticationDetailsSource, setCookieName, setKey, setParameter, setTokenValiditySecondspublic void setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService userDetailsService)
UserDetailsService so that we can use information stored in
LastGrantedAuthoritiesProperty.
We wrap by ImpersonatingUserDetailsService in other places too,
so this is possibly redundant, but there are many AbstractPasswordBasedSecurityRealm.loadUserByUsername(String)
implementations that do not do it, so doing it helps retrofit old plugins to benefit from
the user impersonation improvements. Plus multiple ImpersonatingUserDetailsService
do not incur any real performance penalty.setUserDetailsService in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServicesprotected String makeTokenSignature(long tokenExpiryTime, org.acegisecurity.userdetails.UserDetails userDetails)
makeTokenSignature in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServicesprotected String retrievePassword(org.acegisecurity.Authentication successfulAuthentication)
retrievePassword in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServicespublic void loginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.acegisecurity.Authentication successfulAuthentication)
loginSuccess in interface org.acegisecurity.ui.rememberme.RememberMeServicesloginSuccess in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServicespublic org.acegisecurity.Authentication autoLogin(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
autoLogin in interface org.acegisecurity.ui.rememberme.RememberMeServicesautoLogin in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServicesprotected javax.servlet.http.Cookie makeValidCookie(String tokenValueBase64, javax.servlet.http.HttpServletRequest request, long maxAge)
makeValidCookie in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServicesprotected javax.servlet.http.Cookie makeCancelCookie(javax.servlet.http.HttpServletRequest request)
makeCancelCookie in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServicesCopyright © 2004–2018. All rights reserved.