egovframework.rfc3.iam.security.authentication.rememberme
Class AbstractRememberMeServices

java.lang.Object
  extended by egovframework.rfc3.iam.security.authentication.rememberme.AbstractRememberMeServices
All Implemented Interfaces:
RFC3RememberMeServices, org.springframework.beans.factory.InitializingBean, org.springframework.security.web.authentication.logout.LogoutHandler
Direct Known Subclasses:
PersistentTokenBasedRememberMeServices, TokenBasedRememberMeServices

public abstract class AbstractRememberMeServices
extends java.lang.Object
implements RFC3RememberMeServices, org.springframework.beans.factory.InitializingBean, org.springframework.security.web.authentication.logout.LogoutHandler

Base class for RememberMeServices implementations.

Since:
2.0
Author:
Luke Taylor

Field Summary
static java.lang.String DEFAULT_PARAMETER
           
static java.lang.String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY
           
static int TWO_WEEKS_S
           
 
Constructor Summary
AbstractRememberMeServices()
           
 
Method Summary
 void afterPropertiesSet()
           
 org.springframework.security.core.Authentication autoLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.
 java.lang.String extractRememberMeCookie(javax.servlet.http.HttpServletRequest request)
          Locates the Spring Security remember me cookie in the request and returns its value.
 java.lang.String getKey()
           
 java.lang.String getParameter()
           
 void loginFail(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
 void loginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication successfulAuthentication)
          Examines the incoming request and checks for the presence of the configured "remember me" parameter.
 void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
          Implementation of LogoutHandler.
 org.springframework.security.core.Authentication onCookiesValidate(java.lang.String cookieName, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          실시간 쿠기 인증 검사
 void setAlwaysRemember(boolean alwaysRemember)
           
 void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource authenticationDetailsSource)
           
 void setCookieName(java.lang.String cookieName)
           
 void setKey(java.lang.String key)
           
 void setParameter(java.lang.String parameter)
          Sets the name of the parameter which should be checked for to see if a remember-me has been requested during a login request.
 void setTokenValiditySeconds(int tokenValiditySeconds)
           
 void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
           
 void setUseSecureCookie(boolean useSecureCookie)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY

public static final java.lang.String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY
See Also:
Constant Field Values

DEFAULT_PARAMETER

public static final java.lang.String DEFAULT_PARAMETER
See Also:
Constant Field Values

TWO_WEEKS_S

public static final int TWO_WEEKS_S
See Also:
Constant Field Values
Constructor Detail

AbstractRememberMeServices

public AbstractRememberMeServices()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
java.lang.Exception

autoLogin

public final org.springframework.security.core.Authentication autoLogin(javax.servlet.http.HttpServletRequest request,
                                                                        javax.servlet.http.HttpServletResponse response)
Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.

The returned username is then used to load the UserDetails object for the user, which in turn is used to create a valid authentication token.

Specified by:
autoLogin in interface RFC3RememberMeServices
Parameters:
request - to look for a remember-me token within
response - to change, cancel or modify the remember-me token
Returns:
a valid authentication object, or null if the request should not be authenticated

onCookiesValidate

public final org.springframework.security.core.Authentication onCookiesValidate(java.lang.String cookieName,
                                                                                javax.servlet.http.HttpServletRequest request,
                                                                                javax.servlet.http.HttpServletResponse response)
실시간 쿠기 인증 검사

Specified by:
onCookiesValidate in interface RFC3RememberMeServices
Returns:

extractRememberMeCookie

public java.lang.String extractRememberMeCookie(javax.servlet.http.HttpServletRequest request)
Locates the Spring Security remember me cookie in the request and returns its value. The cookie is searched for by name and also by matching the context path to the cookie path.

Parameters:
request - the submitted request which is to be authenticated
Returns:
the cookie value (if present), null otherwise.

loginFail

public final void loginFail(javax.servlet.http.HttpServletRequest request,
                            javax.servlet.http.HttpServletResponse response)
Description copied from interface: RFC3RememberMeServices
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid. Implementations should invalidate any and all remember-me tokens indicated in the HttpServletRequest.

Specified by:
loginFail in interface RFC3RememberMeServices
Parameters:
request - that contained an invalid authentication request
response - to change, cancel or modify the remember-me token

loginSuccess

public final void loginSuccess(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response,
                               org.springframework.security.core.Authentication successfulAuthentication)
Examines the incoming request and checks for the presence of the configured "remember me" parameter. If it's present, or if alwaysRemember is set to true, calls onLoginSucces.

Specified by:
loginSuccess in interface RFC3RememberMeServices
Parameters:
request - that contained the valid authentication request
response - to change, cancel or modify the remember-me token
successfulAuthentication - representing the successfully authenticated principal

logout

public void logout(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response,
                   org.springframework.security.core.Authentication authentication)
Implementation of LogoutHandler. Default behaviour is to call cancelCookie().

Specified by:
logout in interface org.springframework.security.web.authentication.logout.LogoutHandler

setCookieName

public void setCookieName(java.lang.String cookieName)

setAlwaysRemember

public void setAlwaysRemember(boolean alwaysRemember)

setParameter

public void setParameter(java.lang.String parameter)
Sets the name of the parameter which should be checked for to see if a remember-me has been requested during a login request. This should be the same name you assign to the checkbox in your login form.

Parameters:
parameter - the HTTP request parameter

getParameter

public java.lang.String getParameter()

setUserDetailsService

public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

setKey

public void setKey(java.lang.String key)

getKey

public java.lang.String getKey()

setTokenValiditySeconds

public void setTokenValiditySeconds(int tokenValiditySeconds)

setUseSecureCookie

public void setUseSecureCookie(boolean useSecureCookie)

setAuthenticationDetailsSource

public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource authenticationDetailsSource)