Search in sources :

Example 6 with RememberMeAuthenticationException

use of org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException in project ArTEMiS by ls1intum.

the class PersistentTokenRememberMeServices method processAutoLoginCookie.

@Override
protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) {
    synchronized (this) {
        // prevent 2 authentication requests from the same user in parallel
        String login = null;
        UpgradedRememberMeToken upgradedToken = upgradedTokenCache.getIfPresent(cookieTokens[0]);
        if (upgradedToken != null) {
            login = upgradedToken.getUserLoginIfValidAndRecentUpgrade(cookieTokens);
            log.debug("Detected previously upgraded login token for user '{}'", login);
        }
        if (login == null) {
            PersistentToken token = getPersistentToken(cookieTokens);
            login = token.getUser().getLogin();
            // Token also matches, so login is valid. Update the token value, keeping the *same* series number.
            log.debug("Refreshing persistent login token for user '{}', series '{}'", login, token.getSeries());
            token.setTokenDate(LocalDate.now());
            token.setTokenValue(RandomUtil.generateTokenData());
            token.setIpAddress(request.getRemoteAddr());
            token.setUserAgent(request.getHeader("User-Agent"));
            try {
                persistentTokenRepository.saveAndFlush(token);
            } catch (DataAccessException e) {
                log.error("Failed to update token: ", e);
                throw new RememberMeAuthenticationException("Autologin failed due to data access problem", e);
            }
            addCookie(token, request, response);
            upgradedTokenCache.put(cookieTokens[0], new UpgradedRememberMeToken(cookieTokens, login));
        }
        return getUserDetailsService().loadUserByUsername(login);
    }
}
Also used : RememberMeAuthenticationException(org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException) PersistentToken(de.tum.in.www1.artemis.domain.PersistentToken) DataAccessException(org.springframework.dao.DataAccessException)

Aggregations

RememberMeAuthenticationException (org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException)6 PersistentToken (de.tum.in.www1.artemis.domain.PersistentToken)3 ProfileException (org.craftercms.profile.api.exceptions.ProfileException)3 InvalidCookieException (org.springframework.security.web.authentication.rememberme.InvalidCookieException)3 PersistentLogin (org.craftercms.profile.api.PersistentLogin)2 CookieTheftException (org.springframework.security.web.authentication.rememberme.CookieTheftException)2 DataAccessException (org.springframework.dao.DataAccessException)1 Transactional (org.springframework.transaction.annotation.Transactional)1