hudson.security

Class TokenBasedRememberMeServices2

java.lang.Object

org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

hudson.security.TokenBasedRememberMeServices2

All Implemented Interfaces:

org.acegisecurity.ui.logout.LogoutHandler, org.acegisecurity.ui.rememberme.RememberMeServices, org.springframework.beans.factory.InitializingBean

public class TokenBasedRememberMeServices2
extends org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

TokenBasedRememberMeServices with modification so as not to rely on the user password being available.

This allows remember-me to work with security realms where the password is never available in clear text.

Author:

Kohsuke Kawaguchi

Field Summary

Fields inherited from class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, authenticationDetailsSource, DEFAULT_PARAMETER, logger, tokenValiditySeconds

Constructor Summary

Constructors

Constructor and Description
TokenBasedRememberMeServices2()

Method Summary

Modifier and Type	Method and Description
org.acegisecurity.Authentication	autoLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
void	loginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.acegisecurity.Authentication successfulAuthentication)
protected String	makeTokenSignature(long tokenExpiryTime, org.acegisecurity.userdetails.UserDetails userDetails)
protected javax.servlet.http.Cookie	makeValidCookie(String tokenValueBase64, javax.servlet.http.HttpServletRequest request, long maxAge)
protected String	retrievePassword(org.acegisecurity.Authentication successfulAuthentication)
void	setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService userDetailsService) Decorate UserDetailsService so that we can use information stored in LastGrantedAuthoritiesProperty.

Methods inherited from class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

afterPropertiesSet, cancelCookie, getCookieName, getKey, getParameter, getTokenValiditySeconds, getUserDetailsService, isAlwaysRemember, isTokenExpired, isValidUserDetails, loadUserDetails, loginFail, logout, makeCancelCookie, rememberMeRequested, retrieveUserName, setAlwaysRemember, setAuthenticationDetailsSource, setCookieName, setKey, setParameter, setTokenValiditySeconds

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TokenBasedRememberMeServices2

public TokenBasedRememberMeServices2()

Method Detail

setUserDetailsService

public void setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService userDetailsService)

Decorate UserDetailsService so that we can use information stored in LastGrantedAuthoritiesProperty. We wrap by ImpersonatingUserDetailsService in other places too, so this is possibly redundant, but there are many AbstractPasswordBasedSecurityRealm.loadUserByUsername(String) implementations that do not do it, so doing it helps retrofit old plugins to benefit from the user impersonation improvements. Plus multiple ImpersonatingUserDetailsService do not incur any real performance penalty.

Overrides:

setUserDetailsService in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

makeTokenSignature

protected String makeTokenSignature(long tokenExpiryTime,
                                    org.acegisecurity.userdetails.UserDetails userDetails)

Overrides:

makeTokenSignature in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

retrievePassword

protected String retrievePassword(org.acegisecurity.Authentication successfulAuthentication)

Overrides:

retrievePassword in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

loginSuccess

public void loginSuccess(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         org.acegisecurity.Authentication successfulAuthentication)

Specified by:

loginSuccess in interface org.acegisecurity.ui.rememberme.RememberMeServices

Overrides:

loginSuccess in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

autoLogin

public org.acegisecurity.Authentication autoLogin(javax.servlet.http.HttpServletRequest request,
                                                  javax.servlet.http.HttpServletResponse response)

Specified by:

autoLogin in interface org.acegisecurity.ui.rememberme.RememberMeServices

Overrides:

autoLogin in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

makeValidCookie

protected javax.servlet.http.Cookie makeValidCookie(String tokenValueBase64,
                                                    javax.servlet.http.HttpServletRequest request,
                                                    long maxAge)

Overrides:

makeValidCookie in class org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices