@cbeams
Created June 25, 2015 18:48
commit fd9078803a46a058a97608e1ebae02cc448d8a9a
Author: Chris Beams <[email protected]>
Date: Thu Jun 25 17:24:21 2015 +0200
Enable remember me authentication
diff --git src/main/java/myapp/config/SecurityConfig.java src/main/java/myapp/config/SecurityConfig.java
index 979ccf4..1e31a77 100644
--- src/main/java/myapp/config/SecurityConfig.java
+++ src/main/java/myapp/config/SecurityConfig.java
@@ -5,12 +5,17 @@ import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
+import org.springframework.core.env.Environment;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
@@ -32,17 +37,23 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {
private static Pattern safeMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
+ private static String rememberMeKey = "redacted";
+
+ @Autowired
+ private Environment env;
+
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http //@formatter:off
+ .httpBasic()
+ .addObjectPostProcessor(new RememberMeProcessor(rememberMeServices()));
+ http
.headers()
.cacheControl().disable()
.and()
- .httpBasic()
- .and()
.authorizeRequests()
.antMatchers("/api/users").permitAll()
.requestMatchers(this::unsafeHttpMethods).authenticated()
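Review bot: The remember-me key is added as a source literal in a mutable static, `private static String rememberMeKey = "redacted";`, so the same secret ships with every build and is readable by anyone with repository access. TokenBasedRememberMeServices uses this key when it signs the cookie, so it should come from per-environment configuration. The hunk already injects `env`, and `env.getRequiredProperty("<remember-me-key-property>")` (placeholder property name) could supply the value to both `.key(...)` and the services constructor. If a literal has to stay, the field should at least be `final`. configure(HttpSecurity) starts in this hunk and continues outside it.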
@@ -51,12 +62,25 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
+ .rememberMe()
+ .key(rememberMeKey)
+ .rememberMeServices(rememberMeServices())
+ .and()
.logout()
.logoutUrl("/signout")
.logoutSuccessUrl("/api/principal?signedout")
; //@formatter:on
}
+ @Bean
+ public RememberMeServices rememberMeServices() throws Exception {
+ TokenBasedRememberMeServices rms = new TokenBasedRememberMeServices(rememberMeKey, userDetailsService);
+ rms.setAlwaysRemember(true);
+ rms.setCookieName("signin");
+ rms.setUseSecureCookie(env.acceptsProfiles("cloud"));
+ return rms;
+ }
+
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
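Review bot: rememberMeServices() leaves the `signin` cookie without the Secure flag whenever the `cloud` profile is inactive, because of `rms.setUseSecureCookie(env.acceptsProfiles("cloud"))`, while `rms.setAlwaysRemember(true)` issues that cookie on every successful login whether or not the user asked for it. Defaulting the flag to on and opting out only for local work is safer, for example `rms.setUseSecureCookie(env.getProperty("<secure-cookie-property>", Boolean.class, true));` (placeholder property name). The token lifetime is left at the library default; an explicit `rms.setTokenValiditySeconds(...)` would make the lifetime of a stolen cookie a visible decision. configure(AuthenticationManagerBuilder) at the end of the hunk continues outside it.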
@@ -100,4 +124,21 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {
filterChain.doFilter(request, response);
}
}
+
+
+ static class RememberMeProcessor implements ObjectPostProcessor<Object> {
+
+ private final RememberMeServices rememberMeServices;
+
+ private RememberMeProcessor(RememberMeServices rememberMeServices) {
+ this.rememberMeServices = rememberMeServices;
+ }
+
+ @Override
+ public <T> T postProcess(T object) {
+ if (object instanceof BasicAuthenticationFilter)
+ ((BasicAuthenticationFilter) object).setRememberMeServices(rememberMeServices);
+ return object;
+ }
+ }
}
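Review bot: RememberMeProcessor has no comment saying why BasicAuthenticationFilter is patched after construction, and that is the part a later reader needs in order to judge the change. I would add a class comment such as `/** Hands the shared RememberMeServices to BasicAuthenticationFilter so a request authenticated via HTTP Basic also goes through remember-me handling. */`. It should also state the consequence: together with `setAlwaysRemember(true)`, a client that only ever sends a Basic header presumably receives the persistent cookie too. As a style point, the single-statement `if (object instanceof BasicAuthenticationFilter)` should be braced.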
diff --git src/main/resources/application.yml src/main/resources/application.yml
index 043bca7..6fe4334 100644
--- src/main/resources/application.yml
+++ src/main/resources/application.yml
@@ -3,6 +3,7 @@ spring.jpa.hibernate.ddl-auto: validate
logging.level.root: WARN
logging.level.myapp: INFO
logging.level.org.springframework: WARN
+logging.level.org.springframework.security.web.authentication.rememberme: DEBUG
logging.level.org.hibernate.SQL: WARN
server.tomcat.compression: on
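Review bot: `logging.level.org.springframework.security.web.authentication.rememberme: DEBUG` is added to the shared application.yml, so it appears to apply to every profile and not only to local debugging. Debug output from the remember-me classes typically names the user and describes why a cookie was accepted or rejected, which is authentication detail that should not sit in production logs by default. I would move the line into a development-only profile document, or drop it once the feature is verified.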