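/**
 * Creates a new "Remember Me Key" for {@code principal} and sends it to the client as the
 * {@code REMEMBER_ME_KEY} cookie. Does nothing when remember-me is disabled by policy.
 *
 * <p>The cookie value is the authentication key itself, so it acts as a bearer credential.
 * NOTE(review): {@code createCookie} is not visible here; confirm it marks the cookie
 * HttpOnly and Secure.
 *
 * @param principal the principal the key is issued for
 * @param httpServletResponse response the cookie is added to
 * @param httpServletRequest request passed through to {@code createCookie}
 */
public void setRememberMeCookie(
      String principal,
      HttpServletResponse httpServletResponse,
      HttpServletRequest httpServletRequest) {
    if (!isRememberMeEnabled()) {
      return;
    }

    try {
      CookieSettings settings = securitySystem.getPolicy().getRememberMeCookieSettings();
      // NOTE(review): the same value is used as the key lifetime and as the cookie max-age
      // (Cookie.setMaxAge takes seconds); confirm createKey expects the same unit.
      int timeout = settings.getCookieTimeout();
      KeyManager keyManager = securitySystem.getKeyManager();
      AuthenticationKey authkey = keyManager.createKey(principal, "Remember Me Key", timeout);

      Cookie cookie =
          createCookie(
              REMEMBER_ME_KEY,
              authkey.getKey(),
              settings.getDomain(),
              settings.getPath(),
              httpServletRequest);
      // A non-positive timeout leaves the max-age at whatever createCookie configured.
      if (timeout > 0) {
        cookie.setMaxAge(timeout);
      }
      httpServletResponse.addCookie(cookie);

    } catch (KeyManagerException e) {
      // Best effort: login proceeds without the cookie, but keep the cause so a failing
      // key store is diagnosable.
      log.warn("Unable to set remember me cookie.", e);
    }
  }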
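  /**
   * Creates a new "Signon Session Key" for {@code principal} and sends it to the client as the
   * {@code SIGNON_KEY} cookie.
   *
   * <p>The cookie value is the authentication key itself, so it acts as a bearer credential.
   * NOTE(review): {@code createCookie} is not visible here; confirm it marks the cookie
   * HttpOnly and Secure.
   *
   * @param principal the principal the key is issued for
   * @param httpServletResponse response the cookie is added to
   * @param httpServletRequest request passed through to {@code createCookie}
   */
  public void setSignonCookie(
      String principal,
      HttpServletResponse httpServletResponse,
      HttpServletRequest httpServletRequest) {
    try {
      CookieSettings settings = securitySystem.getPolicy().getSignonCookieSettings();
      // NOTE(review): the same value is used as the key lifetime and as the cookie max-age
      // (Cookie.setMaxAge takes seconds); confirm createKey expects the same unit.
      int timeout = settings.getCookieTimeout();
      KeyManager keyManager = securitySystem.getKeyManager();
      AuthenticationKey authkey = keyManager.createKey(principal, "Signon Session Key", timeout);

      /* The path must remain "/" for SSO to work on installations where all of the servers
       * are installed into the same web container but under different web contexts.
       * The path used here comes from settings.getPath(), so that requirement has to be met
       * by the configured sign-on cookie settings.
       */
      Cookie cookie =
          createCookie(
              SIGNON_KEY,
              authkey.getKey(),
              settings.getDomain(),
              settings.getPath(),
              httpServletRequest);
      // A non-positive timeout leaves the max-age at whatever createCookie configured.
      if (timeout > 0) {
        cookie.setMaxAge(timeout);
      }
      httpServletResponse.addCookie(cookie);

    } catch (KeyManagerException e) {
      // Best effort: login proceeds without the cookie, but keep the cause so a failing
      // key store is diagnosable.
      log.warn("Unable to set single sign on cookie.", e);
    }
  }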
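  /**
   * Looks up the authentication key referenced by the request's {@code REMEMBER_ME_KEY} cookie.
   *
   * @param httpServletResponse response handed to {@code findAuthKey}, which uses it to remove
   *     the cookie when the key is unknown
   * @param httpServletRequest request the cookie is read from
   * @return the matching key, or {@code null} when remember-me is disabled, the cookie is
   *     absent, or the lookup fails
   */
  public AuthenticationKey getRememberMeKey(
      HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
    if (!isRememberMeEnabled()) {
      return null;
    }

    Cookie rememberMeCookie = getCookie(httpServletRequest, REMEMBER_ME_KEY);

    if (rememberMeCookie == null) {
      log.debug("Remember Me Cookie Not Found: {}", REMEMBER_ME_KEY);
      return null;
    }

    // Found user with a remember me key.
    String providedKey = rememberMeCookie.getValue();

    // The cookie value is a bearer credential and is client-controlled: log only the cookie
    // name, never the value, so log readers cannot replay it and it cannot forge log lines.
    log.debug("Found remember me cookie : {}", REMEMBER_ME_KEY);

    CookieSettings settings = securitySystem.getPolicy().getRememberMeCookieSettings();
    return findAuthKey(
        REMEMBER_ME_KEY,
        providedKey,
        settings.getDomain(),
        settings.getPath(),
        httpServletResponse,
        httpServletRequest);
  }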
 /**
  * Removes the {@code SIGNON_KEY} cookie, using the domain and path from the policy's
  * sign-on cookie settings.
  *
  * @param httpServletResponse response passed to {@code removeCookie}
  * @param httpServletRequest request passed to {@code removeCookie}
  */
 public void removeSignonCookie(
     HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
   CookieSettings signonSettings = securitySystem.getPolicy().getSignonCookieSettings();
   // Domain and path are taken from the same settings used when the cookie is issued.
   String cookieDomain = signonSettings.getDomain();
   String cookiePath = signonSettings.getPath();
   removeCookie(httpServletResponse, httpServletRequest, SIGNON_KEY, cookieDomain, cookiePath);
 }
 /**
  * Removes the {@code REMEMBER_ME_KEY} cookie, using the domain and path from the policy's
  * remember-me cookie settings.
  *
  * @param httpServletResponse response passed to {@code removeCookie}
  * @param httpServletRequest request passed to {@code removeCookie}
  */
 public void removeRememberMeCookie(
     HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
   CookieSettings rememberMeSettings =
       securitySystem.getPolicy().getRememberMeCookieSettings();
   // Domain and path are taken from the same settings used when the cookie is issued.
   String cookieDomain = rememberMeSettings.getDomain();
   String cookiePath = rememberMeSettings.getPath();
   removeCookie(
       httpServletResponse, httpServletRequest, REMEMBER_ME_KEY, cookieDomain, cookiePath);
 }
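  /**
   * Resolves a client-supplied key string through the key manager.
   *
   * <p>When the key manager does not know the key, the cookie that carried it is removed so
   * the client stops presenting it. Other key-manager failures are logged and the cookie is
   * left in place.
   *
   * @param cookieName name of the cookie the key came from
   * @param providedKey key value taken from the cookie; client-controlled
   * @param domain cookie domain used when removing the cookie
   * @param path cookie path used when removing the cookie
   * @param httpServletResponse response passed to {@code removeCookie}
   * @param httpServletRequest request passed to {@code removeCookie}
   * @return the matching key, or {@code null} when it is unknown or the lookup fails
   */
  private AuthenticationKey findAuthKey(
      String cookieName,
      String providedKey,
      String domain,
      String path,
      HttpServletResponse httpServletResponse,
      HttpServletRequest httpServletRequest) {
    try {
      AuthenticationKey authkey = securitySystem.getKeyManager().findKey(providedKey);

      // AuthenticationKey.toString() is not visible here and may render the key value, so
      // only the cookie name is logged.
      log.debug("Found AuthKey for cookie {}", cookieName);

      return authkey;
    } catch (KeyNotFoundException e) {
      // providedKey is client-controlled: writing it to the log would leak a possibly valid
      // credential and allow forged log lines. The cookie name is enough to keep this event
      // usable for monitoring repeated invalid-key submissions.
      log.info("Invalid AuthenticationKey submitted in cookie {}. Invalidating cookie.", cookieName);

      // Invalid Cookie.  Remove it.
      removeCookie(httpServletResponse, httpServletRequest, cookieName, domain, path);
    } catch (KeyManagerException e) {
      log.error("KeyManagerException: {}", e.getMessage(), e);
    }

    return null;
  }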
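  /**
   * Looks up the authentication key referenced by the request's {@code SIGNON_KEY} cookie.
   *
   * @param httpServletResponse response handed to {@code findAuthKey}, which uses it to remove
   *     the cookie when the key is unknown
   * @param httpServletRequest request the cookie is read from
   * @return the matching key, or {@code null} when the cookie is absent or the lookup fails
   */
  public AuthenticationKey getSignonKey(
      HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
    Cookie ssoCookie = getCookie(httpServletRequest, SIGNON_KEY);

    if (ssoCookie == null) {
      log.debug("Single Sign On Cookie Not Found: {}", SIGNON_KEY);
      return null;
    }

    // Found user with a single sign on key.

    String providedKey = ssoCookie.getValue();

    // The cookie value is a bearer credential and is client-controlled: log only the cookie
    // name, never the value, so log readers cannot replay it and it cannot forge log lines.
    log.debug("Found sso cookie : {}", SIGNON_KEY);

    CookieSettings settings = securitySystem.getPolicy().getSignonCookieSettings();
    return findAuthKey(
        SIGNON_KEY,
        providedKey,
        settings.getDomain(),
        settings.getPath(),
        httpServletResponse,
        httpServletRequest);
  }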
 /**
  * Reports whether the security policy's remember-me cookie settings are enabled.
  *
  * @return the {@code isEnabled()} flag of the remember-me cookie settings
  */
 public boolean isRememberMeEnabled() {
   CookieSettings rememberMeSettings =
       securitySystem.getPolicy().getRememberMeCookieSettings();
   return rememberMeSettings.isEnabled();
 }