@Override
protected void onLoginSuccess(
HttpServletRequest request,
HttpServletResponse response,
Authentication successfulAuthentication) {
String username = successfulAuthentication.getName();
logger.debug("Creating new persistent login for user {}", username);
String ip = getUserIPAddress(request);
IPPersistentRememberMeToken persistentToken =
new IPPersistentRememberMeToken(
username, generateSeriesData(), generateTokenData(), new Date(), ip);
try {
tokenRepository.createNewToken(persistentToken);
addCookie(persistentToken, request, response);
} catch (DataAccessException e) {
logger.error("Failed to save persistent token ", e);
}
}
@Override
protected UserDetails processAutoLoginCookie(
String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) {
if (bindingIP) {
String ip = getUserIPAddress(request);
final String presentedSeries = cookieTokens[0];
IPPersistentRememberMeToken token =
(IPPersistentRememberMeToken) tokenRepository.getTokenForSeries(presentedSeries);
if (token == null) {
// No series match, so we can't authenticate using this cookie
throw new RememberMeAuthenticationException(
"No persistent token found for series id: " + presentedSeries);
}
if (!ip.equals(token.getIpAddress())) {
throw new InvalidCookieException(
"Cookie IP Address did not contain a matching IP (contained '" + ip + "')");
}
}
return super.processAutoLoginCookie(cookieTokens, request, response);
}