1.记住我功能
// Request parameters involved in the remember-me feature: username, password, remember-me
//
// Annotated walk-through of the Spring Security remember-me flow. This is
// pseudo-code, not compilable Java: the notation `call(...)->{ ... }` appears to
// inline the body of the called method directly under its call site, and some
// long lines are hard-wrapped in the middle of an identifier.
public class RememberMeAuthenticationFilter {
// Methods declared by the RememberMeServices interface:
// Authentication autoLogin(HttpServletRequest var1, HttpServletResponse var2);
// void loginFail(HttpServletRequest var1, HttpServletResponse var2);
// void loginSuccess(HttpServletRequest var1, HttpServletResponse var2,
// Authentication var3);
// RememberMeServices implementation walked through below:
// TokenBasedRememberMeServices
private RememberMeServices rememberMeServices;
// Request-time path: tries to authenticate a request from its remember-me cookie.
public void doFilter(){
// If SecurityContextHolder holds no Authentication object, attempt auto-login
if (SecurityContextHolder.getContext().getAuthentication() == null) {
Authentication rememberMeAuth = this.rememberMeServices.autoLogin(request,
response)->{
// A Cookie has the attributes name, value, maxAge, etc.
// Look up the cookie named remember-me in the request and return its value
String rememberMeCookie = this.extractRememberMeCookie(request);
// No such cookie: there is nothing to auto-login with, so return null
if (rememberMeCookie == null) {
return null;
}else{
// Append (length of rememberMeCookie % 4) '=' characters to rememberMeCookie,
// then decode with Base64.getDecoder().decode(rememberMeCookie.getBytes())
// cookieTokens has 3 elements.
// cookieTokens[0] is the username, cookieTokens[1] is the expiry time
// NOTE(review): cookieTokens[2] is presumably the signature, matching the third
// element onLoginSuccess passes to setCookie — confirm.
// Everything in cookieTokens comes from the client and is untrusted until
// the signature has been verified.
String[] cookieTokens = this.decodeCookie(rememberMeCookie);
// Validate the decoded tokens and resolve the user they name
user = this.processAutoLoginCookie(cookieTokens, request, response)-
>{
// Expiry timestamp as claimed by the cookie (epoch milliseconds, since it is
// compared with System.currentTimeMillis() below)
tokenExpiryTime = new Long(cookieTokens[1]);
// Reject a cookie whose claimed expiry is already in the past
if (tokenExpiryTime < System.currentTimeMillis()){
throw new InvalidCookieException();
}else{
// Load the user object from memory or the database by username
UserDetails userDetails =
this.getUserDetailsService().loadUserByUse
rname(cookieTokens[0]);
// data = username:expiryTime:password:fixed uuid
// Sign data with MD5, then HEX-encode the result,
// and finally output it via new String(data)
// NOTE(review): the "fixed uuid" is presumably the server-side remember-me key;
// it is the only secret in data, so it should be high-entropy and kept private.
// NOTE(review): MD5 is a weak digest and this construction is a plain hash rather
// than an HMAC; check whether the Spring Security version in use offers a
// stronger token algorithm — confirm against its documentation.
// The stored password is an input to the signature, so a password change should
// make previously issued tokens stop matching — verify against the comparison step.
String expectedTokenSignature =
this.makeTokenSignature(tokenExpiryTime,
userDetails.getUsername(), userDetails.getPasswo
rd());
// NOTE(review): the walk-through stops here. The step that carries the security
// weight — comparing expectedTokenSignature with the signature taken from the
// cookie (ideally in constant time) and rejecting the cookie on mismatch — is not
// shown in this excerpt; without it the username from the cookie would be trusted
// unverified.
}
};
}
}
};
}
// When "remember me" is ticked, a cookie named remember-me is added to the
// response after authentication succeeds
public void onLoginSuccess(Authentication successfulAuthentication){
// Token lifetime in seconds: 1209600 s = 14 days (two weeks)
int tokenLifetime = 1209600;(两周)
// Current system time
long expiryTime = System.currentTimeMillis();
// Expiry is two weeks from now (seconds converted to milliseconds)
// The product is computed in int arithmetic: it fits for two weeks, but a lifetime
// above roughly 24.8 days would overflow before being added to the long.
expiryTime += 1000*1209600;
// NOTE(review): username and password are not defined in this excerpt; presumably
// they are taken from successfulAuthentication — confirm.
String signatureValue = this.makeTokenSignature(expiryTime, username, password);
// Cookie value is username:expiryTime:signature
// Base64-encode it
// and remove the two '=' (doFilter re-appends the '=' before decoding)
//
// NOTE(review): cookieValue and maxAge below are presumably the encoded tokens and
// tokenLifetime inside the inlined setCookie body — confirm.
// Only maxAge and path are set in this excerpt. The remember-me cookie is a bearer
// credential, so confirm the real implementation also marks it Secure and HttpOnly.
setCookie(new String[]{username, Long.toString(expiryTime), signatureValue}, tokenLifetime, request, response)->{
Cookie cookie = new Cookie(this.cookieName, cookieValue);
cookie.setMaxAge(maxAge);
cookie.setPath(this.getCookiePath(request));
response.addCookie(cookie);
};
}
}