📄 tokenbasedremembermeservices.java
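// NOTE(review): this listing starts part-way through a method. Its signature and the cookie
// parsing and checks that run before this point are not shown, so the fragment is kept as-is.
                            return null;
                        }

                        // By this stage we have a valid token
                        if (logger.isDebugEnabled()) {
                            logger.debug("Remember-me cookie accepted");
                        }

                        RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(this.key,
                                userDetails, userDetails.getAuthorities());
                        auth.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));

                        return auth;
                    } else {
                        // The decoded cookie text is client-supplied; cancelCookie() neutralises
                        // CR/LF before it reaches the debug log.
                        cancelCookie(request, response,
                                "Cookie token did not contain 3 tokens; decoded value was '" + cookieAsPlainText + "'");

                        return null;
                    }
                } else {
                    cancelCookie(request, response,
                            "Cookie token was not Base64 encoded; value was '" + cookieValue + "'");

                    return null;
                }
            }
        }

        return null;
    }

    /**
     * Computes the signature component of a remember-me token.
     *
     * <p>The result is the hex MD5 digest of
     * <code>username + ":" + tokenExpiryTime + ":" + password + ":" + key</code>. Because the
     * password returned by <code>userDetails</code> is part of the input, a token stops matching
     * once that password changes.</p>
     *
     * <p>NOTE(review): this is a plain MD5 digest over a concatenation that includes the stored
     * password, not a keyed MAC. Anyone holding a cookie has material derived from the password
     * and the key. Prefer an HMAC with a SHA-2 digest (<code>javax.crypto.Mac</code>), changed
     * here and in <code>loginSuccess</code> at the same time; previously issued cookies would then
     * stop validating. The code that compares this value with the cookie is not shown in this
     * listing - confirm it uses a constant-time comparison such as
     * <code>MessageDigest.isEqual</code>.</p>
     *
     * @param tokenExpiryTime expiry instant of the token, in milliseconds since the epoch
     * @param userDetails the user whose username and password are bound into the signature
     * @return the hex-encoded signature expected for that user and expiry time
     */
    protected String makeTokenSignature(long tokenExpiryTime, UserDetails userDetails) {
        return DigestUtils.md5Hex(userDetails.getUsername() + ":" + tokenExpiryTime + ":"
                + userDetails.getPassword() + ":" + this.key);
    }

    /**
     * Checks that the account behind a presented cookie may still log in.
     *
     * <p>When the account is locked, expired, disabled or has expired credentials, the cookie is
     * cancelled and <code>false</code> is returned.</p>
     *
     * @param request the current request
     * @param response the response that receives the cancel cookie on rejection
     * @param userDetails the account loaded for the username in the cookie
     * @param cookieTokens the decoded cookie tokens; element 0 is used as the username in log text
     * @return <code>true</code> if the account may be authenticated from the cookie
     */
    protected boolean isValidUserDetails(HttpServletRequest request, HttpServletResponse response,
            UserDetails userDetails, String[] cookieTokens) {
        // A locked account must not be able to bypass the lock through a remember-me cookie.
        if (!userDetails.isAccountNonLocked()) {
            cancelCookie(request, response,
                    "Cookie token[0] contained username '" + cookieTokens[0] + "' but account is locked");

            return false;
        }

        // Immediately reject if the user is not allowed to
        // login
        if (!userDetails.isAccountNonExpired() || !userDetails.isCredentialsNonExpired()
                || !userDetails.isEnabled()) {
            cancelCookie(request, response,
                    "Cookie token[0] contained username '" + cookieTokens[0]
                            + "' but account has expired, credentials have expired, or user is disabled");

            return false;
        }

        return true;
    }

    /**
     * Loads the account named by the first cookie token.
     *
     * @param request the current request
     * @param response the response that receives the cancel cookie if the user is unknown
     * @param cookieTokens the decoded cookie tokens; element 0 is the username to look up
     * @return the loaded user, or <code>null</code> if the username was not found (the cookie is
     *         cancelled in that case)
     */
    protected UserDetails loadUserDetails(HttpServletRequest request, HttpServletResponse response,
            String[] cookieTokens) {
        try {
            return this.userDetailsService.loadUserByUsername(cookieTokens[0]);
        } catch (UsernameNotFoundException notFound) {
            cancelCookie(request, response,
                    "Cookie token[0] contained username '" + cookieTokens[0] + "' but was not found");

            return null;
        }
    }

    /**
     * Tells whether a token's expiry instant lies in the past.
     *
     * @param tokenExpiryTime expiry instant in milliseconds since the epoch
     * @return <code>true</code> if the expiry time is earlier than the current system time
     */
    protected boolean isTokenExpired(long tokenExpiryTime) {
        // Check it has not expired
        return tokenExpiryTime < System.currentTimeMillis();
    }

    /**
     * Sends a cookie that removes the remember-me cookie from the browser and logs the reason
     * at debug level.
     *
     * @param request the current request
     * @param response the response the cancel cookie is added to
     * @param reasonForLog text for the debug log; may be <code>null</code> to skip logging
     */
    protected void cancelCookie(HttpServletRequest request, HttpServletResponse response, String reasonForLog) {
        if ((reasonForLog != null) && logger.isDebugEnabled()) {
            // Callers build the reason from cookie content supplied by the client, so CR/LF are
            // replaced to keep one event on one log line (log forging, CWE-117).
            String singleLineReason = reasonForLog.replace('\r', '_').replace('\n', '_');
            logger.debug("Cancelling cookie for reason: " + singleLineReason);
        }

        response.addCookie(makeCancelCookie(request));
    }

    /** @return the key that is mixed into every token signature */
    public String getKey() {
        return key;
    }

    /** @return the name of the request parameter that asks for a remember-me cookie */
    public String getParameter() {
        return parameter;
    }

    /** @return the lifetime of issued tokens, in seconds */
    public long getTokenValiditySeconds() {
        return tokenValiditySeconds;
    }

    /** @return the service used to look up the user named in a cookie */
    public UserDetailsService getUserDetailsService() {
        return userDetailsService;
    }

    /**
     * Cancels any remember-me cookie after a failed interactive login.
     *
     * @param request the current request
     * @param response the response the cancel cookie is added to
     */
    public void loginFail(HttpServletRequest request, HttpServletResponse response) {
        cancelCookie(request, response, "Interactive authentication attempt was unsuccessful");
    }

    /**
     * Decides whether a remember-me cookie should be issued for this login.
     *
     * @param request the login request
     * @param parameter the name of the boolean request parameter to inspect
     * @return <code>true</code> if <code>alwaysRemember</code> is set or the parameter is true
     */
    protected boolean rememberMeRequested(HttpServletRequest request, String parameter) {
        return alwaysRemember || RequestUtils.getBooleanParameter(request, parameter, false);
    }

    /**
     * Issues a remember-me cookie after a successful interactive login, if one was requested.
     *
     * <p>The cookie value is the Base64 encoding of
     * <code>username + ":" + expiryTime + ":" + md5Hex(username + ":" + expiryTime + ":" +
     * password + ":" + key)</code>. Nothing is sent when the username or password is empty.</p>
     *
     * @param request the login request
     * @param response the response the cookie is added to
     * @param successfulAuthentication the authentication produced by the login; its principal and
     *        credentials must not be <code>null</code>
     */
    public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication successfulAuthentication) {
        // Exit if the principal hasn't asked to be remembered
        if (!rememberMeRequested(request, parameter)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Did not send remember-me cookie (principal did not set parameter '"
                        + this.parameter + "')");
            }

            return;
        }

        // Determine username and password, ensuring empty strings
        Assert.notNull(successfulAuthentication.getPrincipal());
        Assert.notNull(successfulAuthentication.getCredentials());

        String username = retrieveUserName(successfulAuthentication);
        String password = retrievePassword(successfulAuthentication);

        // If unable to find a username and password, just abort as
        // TokenBasedRememberMeServices unable to construct a valid token in
        // this case
        if (!StringUtils.hasLength(username) || !StringUtils.hasLength(password)) {
            return;
        }

        long expiryTime = System.currentTimeMillis() + (tokenValiditySeconds * 1000);

        // construct token to put in cookie; format is:
        // username + ":" + expiryTime + ":" + Md5Hex(username + ":" +
        // expiryTime + ":" + password + ":" + key)
        // NOTE(review): this repeats the formula in makeTokenSignature(); the two must stay in
        // step, and the password used here must be the same string the UserDetailsService
        // returns later, otherwise the issued cookie will never verify.
        // NOTE(review): the token is ':'-delimited, so a username containing ':' presumably
        // cannot be parsed back into three tokens - confirm against the parsing code.
        String signatureValue = DigestUtils.md5Hex(username + ":" + expiryTime + ":" + password + ":" + key);
        String tokenValue = username + ":" + expiryTime + ":" + signatureValue;

        // NOTE(review): getBytes() uses the platform default charset. The decoding side is not
        // shown here, so it is left unchanged; pin one charset on both sides together.
        String tokenValueBase64 = new String(Base64.encodeBase64(tokenValue.getBytes()));
        response.addCookie(makeValidCookie(tokenValueBase64, request, tokenValiditySeconds));

        if (logger.isDebugEnabled()) {
            logger.debug("Added remember-me cookie for user '" + username + "', expiry: '"
                    + new Date(expiryTime) + "'");
        }
    }

    /**
     * Cancels the remember-me cookie when the user logs out.
     *
     * @param request the current request
     * @param response the response the cancel cookie is added to
     * @param authentication the authentication being ended; may be <code>null</code>
     */
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        cancelCookie(request, response,
                "Logout of user " + (authentication == null ? "Unknown" : authentication.getName()));
    }

    /**
     * Extracts the username from a successful authentication.
     *
     * @param successfulAuthentication the authentication to read
     * @return the <code>UserDetails</code> username if the principal is a <code>UserDetails</code>,
     *         otherwise the principal's string form
     */
    protected String retrieveUserName(Authentication successfulAuthentication) {
        if (isInstanceOfUserDetails(successfulAuthentication)) {
            return ((UserDetails) successfulAuthentication.getPrincipal()).getUsername();
        } else {
            return successfulAuthentication.getPrincipal().toString();
        }
    }

    /**
     * Extracts the password from a successful authentication.
     *
     * @param successfulAuthentication the authentication to read
     * @return the <code>UserDetails</code> password if the principal is a <code>UserDetails</code>,
     *         otherwise the string form of the presented credentials
     */
    protected String retrievePassword(Authentication successfulAuthentication) {
        if (isInstanceOfUserDetails(successfulAuthentication)) {
            return ((UserDetails) successfulAuthentication.getPrincipal()).getPassword();
        } else {
            return successfulAuthentication.getCredentials().toString();
        }
    }

    /** Tells whether the authentication's principal is a <code>UserDetails</code> instance. */
    private boolean isInstanceOfUserDetails(Authentication authentication) {
        return authentication.getPrincipal() instanceof UserDetails;
    }

    /**
     * Builds the cookie that deletes the remember-me cookie: same name, no value, max age 0.
     *
     * @param request the current request; its context path (or "/" if empty) becomes the path
     * @return the cancel cookie
     */
    protected Cookie makeCancelCookie(HttpServletRequest request) {
        Cookie cookie = new Cookie(cookieName, null);
        cookie.setMaxAge(0);
        cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");

        return cookie;
    }

    /**
     * Builds the remember-me cookie that carries the encoded token.
     *
     * <p>NOTE(review): the cookie is created without the Secure or HttpOnly attributes, so it can
     * travel over plain HTTP and is readable from page scripts. Consider
     * <code>cookie.setSecure(request.isSecure())</code>, and HttpOnly where the Servlet API in use
     * supports it; sites that log in over HTTPS and then browse over HTTP would be affected.</p>
     *
     * @param tokenValueBase64 the Base64-encoded token used as the cookie value
     * @param request the current request; its context path (or "/" if empty) becomes the path
     * @param maxAge cookie lifetime in seconds
     * @return the cookie to send to the browser
     */
    protected Cookie makeValidCookie(String tokenValueBase64, HttpServletRequest request, long maxAge) {
        Cookie cookie = new Cookie(cookieName, tokenValueBase64);
        // Clamp instead of truncating: a lifetime above Integer.MAX_VALUE used to wrap around
        // when narrowed to int, which could turn it into a negative or much shorter max age.
        cookie.setMaxAge((int) Math.min(maxAge, (long) Integer.MAX_VALUE));
        cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");

        return cookie;
    }

    /**
     * Sets the source used to build the details attached to the authentication token.
     *
     * @param authenticationDetailsSource the source to use; must not be <code>null</code>
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /**
     * Sets the key mixed into every token signature.
     *
     * <p>The signature depends on this value, so it should be a long, unpredictable secret that
     * is not shared between applications.</p>
     *
     * @param key the signing key
     */
    public void setKey(String key) {
        this.key = key;
    }

    /** @param parameter the name of the request parameter that asks for a remember-me cookie */
    public void setParameter(String parameter) {
        this.parameter = parameter;
    }

    /** @param cookieName the name of the remember-me cookie */
    public void setCookieName(String cookieName) {
        this.cookieName = cookieName;
    }

    /** @param tokenValiditySeconds the lifetime of issued tokens, in seconds */
    public void setTokenValiditySeconds(long tokenValiditySeconds) {
        this.tokenValiditySeconds = tokenValiditySeconds;
    }

    /** @param userDetailsService the service used to look up the user named in a cookie */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /** @return whether a cookie is issued on every successful login, regardless of the parameter */
    public boolean isAlwaysRemember() {
        return alwaysRemember;
    }

    /** @param alwaysRemember <code>true</code> to issue a cookie on every successful login */
    public void setAlwaysRemember(boolean alwaysRemember) {
        this.alwaysRemember = alwaysRemember;
    }

    /** @return the name of the remember-me cookie */
    public String getCookieName() {
        return cookieName;
    }
}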