use of org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException in project ArTEMiS by ls1intum.
the class PersistentTokenRememberMeServices method processAutoLoginCookie.
@Override
protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) {
synchronized (this) {
// prevent 2 authentication requests from the same user in parallel
String login = null;
UpgradedRememberMeToken upgradedToken = upgradedTokenCache.getIfPresent(cookieTokens[0]);
if (upgradedToken != null) {
login = upgradedToken.getUserLoginIfValidAndRecentUpgrade(cookieTokens);
log.debug("Detected previously upgraded login token for user '{}'", login);
}
if (login == null) {
PersistentToken token = getPersistentToken(cookieTokens);
login = token.getUser().getLogin();
// Token also matches, so login is valid. Update the token value, keeping the *same* series number.
log.debug("Refreshing persistent login token for user '{}', series '{}'", login, token.getSeries());
token.setTokenDate(LocalDate.now());
token.setTokenValue(RandomUtil.generateTokenData());
token.setIpAddress(request.getRemoteAddr());
token.setUserAgent(request.getHeader("User-Agent"));
try {
persistentTokenRepository.saveAndFlush(token);
} catch (DataAccessException e) {
log.error("Failed to update token: ", e);
throw new RememberMeAuthenticationException("Autologin failed due to data access problem", e);
}
addCookie(token, request, response);
upgradedTokenCache.put(cookieTokens[0], new UpgradedRememberMeToken(cookieTokens, login));
}
return getUserDetailsService().loadUserByUsername(login);
}
}
Aggregations