本文整理汇总了Java中org.springframework.security.web.authentication.rememberme.InvalidCookieException类的典型用法代码示例。如果您正苦于以下问题:Java InvalidCookieException类的具体用法?Java InvalidCookieException怎么用?Java InvalidCookieException使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
InvalidCookieException类属于org.springframework.security.web.authentication.rememberme包,在下文中一共展示了InvalidCookieException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: logout
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* When logout occurs, only invalidate the current token, and not all user sessions.
* <p/>
* The standard Spring Security implementations are too basic: they invalidate all tokens for the
* current user, so when he logs out from one browser, all his other sessions are destroyed.
*/
@Override
@Transactional
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
String rememberMeCookie = extractRememberMeCookie(request);
if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
try {
String[] cookieTokens = decodeCookie(rememberMeCookie);
Token token = getPersistentToken(cookieTokens);
tokenRepo.delete(token.getSeries());
} catch (InvalidCookieException ice) {
log.info("Invalid cookie, no persistent token could be deleted");
} catch (RememberMeAuthenticationException rmae) {
log.debug("No persistent token found, so no token could be deleted");
}
}
super.logout(request, response, authentication);
}
示例2: logout
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* When logout occurs, only invalidate the current token, and not all user sessions.
* <p/>
* The standard Spring Security implementations are too basic: they invalidate all tokens for the
* current user, so when he logs out from one browser, all his other sessions are destroyed.
*/
@Override
@Transactional
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
String rememberMeCookie = extractRememberMeCookie(request);
if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
try {
String[] cookieTokens = decodeCookie(rememberMeCookie);
PersistentToken token = getPersistentToken(cookieTokens);
persistentTokenRepository.delete(token);
} catch (InvalidCookieException ice) {
log.info("Invalid cookie, no persistent token could be deleted");
} catch (RememberMeAuthenticationException rmae) {
log.debug("No persistent token found, so no token could be deleted");
}
}
super.logout(request, response, authentication);
}
示例3: logout
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* When logout occurs, only invalidate the current token, and not all user sessions.
* <p/>
* The standard Spring Security implementations are too basic: they invalidate all tokens for the current user, so when he logs out from one browser, all his other sessions are destroyed.
*/
@Override
@Transactional
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
String rememberMeCookie = extractRememberMeCookie(request);
if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
try {
String[] cookieTokens = decodeCookie(rememberMeCookie);
Token token = getPersistentToken(cookieTokens);
persistentTokenService.delete(token);
} catch (InvalidCookieException ice) {
LOGGER.info("Invalid cookie, no persistent token could be deleted");
} catch (RememberMeAuthenticationException rmae) {
LOGGER.debug("No persistent token found, so no token could be deleted");
}
}
super.logout(request, response, authentication);
}
示例4: decodeCookie
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
protected String[] decodeCookie(String cookieValue) throws InvalidCookieException {
for (int j = 0; j < cookieValue.length() % 4; j++) {
cookieValue = cookieValue + "=";
}
if (!Base64.isBase64(cookieValue.getBytes())) {
throw new InvalidCookieException("Cookie token was not Base64 encoded; value was '" + cookieValue + "'");
}
String cookieAsPlainText = new String(Base64.decodeBase64(cookieValue.getBytes()));
String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, DELIMITER);
if ((tokens[0].equalsIgnoreCase("http") || tokens[0].equalsIgnoreCase("https")) && tokens[1].startsWith("//")) {
// Assume we've accidentally split a URL (OpenID identifier)
String[] newTokens = new String[tokens.length - 1];
newTokens[0] = tokens[0] + ":" + tokens[1];
System.arraycopy(tokens, 2, newTokens, 1, newTokens.length - 1);
tokens = newTokens;
}
return tokens;
}
示例5: logout
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* When logout occurs, only invalidate the current token, and not all user
* sessions.
* <p/>
* The standard Spring Security implementations are too basic: they
* invalidate all tokens for the current user, so when he logs out from one
* browser, all his other sessions are destroyed.
*/
@Override
@Transactional
public void logout(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) {
String rememberMeCookie = extractRememberMeCookie(request);
if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
try {
String[] cookieTokens = decodeCookie(rememberMeCookie);
PersistentToken token = getPersistentToken(cookieTokens);
persistentTokenRepository.delete(token);
} catch (InvalidCookieException ice) {
log.info("Invalid cookie, no persistent token could be deleted");
} catch (RememberMeAuthenticationException rmae) {
log.debug("No persistent token found, so no token could be deleted");
}
}
super.logout(request, response, authentication);
}
示例6: logout
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* When logout occurs, only invalidate the current token, and not all user sessions.
* <p/>
* The standard Spring Security implementations are too basic: they invalidate all
* tokens for the current user, so when he logs out from one browser, all his other
* sessions are destroyed.
*/
@Override
public void logout(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) {
String rememberMeCookie = extractRememberMeCookie(request);
if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
try {
String[] cookieTokens = decodeCookie(rememberMeCookie);
removePersistentLogin(getPersistentToken(cookieTokens));
}
catch (InvalidCookieException ice) {
Application.logger
.info("Invalid cookie, no persistent token could be deleted");
}
catch (RememberMeAuthenticationException rmae) {
Application.logger
.debug("No persistent token found, so no token could be deleted");
}
}
super.logout(request, response, authentication);
}
示例7: logout
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* When logout occurs, only invalidate the current token, and not all user sessions. <p/> The standard Spring Security
* implementations are too basic: they invalidate all tokens for the current user, so when he logs out from one browser,
* all his other sessions are destroyed.
*/
@Override
@Transactional
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
String rememberMeCookie = extractRememberMeCookie(request);
if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
try {
String[] cookieTokens = decodeCookie(rememberMeCookie);
PersistentToken token = getPersistentToken(cookieTokens);
persistentTokenRepository.delete(token);
} catch (InvalidCookieException ice) {
log.info("Invalid cookie, no persistent token could be deleted");
} catch (RememberMeAuthenticationException rmae) {
log.debug("No persistent token found, so no token could be deleted");
}
}
super.logout(request, response, authentication);
}
示例8: logout
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* <p>
* When logout occurs, only invalidate the current token, and not all user sessions.
* </p>
* The standard Spring Security implementations are too basic: they invalidate all tokens for the current user, so when he logs out from one browser, all
* his other sessions are destroyed.
*
* @param request
* the http request
* @param response
* the http response
* @param authentication
* the authentication
*/
@Override
@Transactional
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
final String rememberMeCookie = extractRememberMeCookie(request);
if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
try {
final String[] cookieTokens = decodeCookie(rememberMeCookie);
final PersistentToken token = getPersistentToken(cookieTokens);
persistentTokenRepository.delete(token);
} catch (final InvalidCookieException ice) {
log.info("Invalid cookie, no persistent token could be deleted");
} catch (final RememberMeAuthenticationException rmae) {
log.debug("No persistent token found, so no token could be deleted");
}
}
super.logout(request, response, authentication);
}
示例9: processAutoLoginCookie
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
@Override
protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) {
try {
setContext(request);
// take off the last token
String ipAddressToken =
cookieTokens[cookieTokens.length - 1];
if (!getUserIPAddress(request).equals(ipAddressToken)) {
throw new InvalidCookieException("Cookie IP Address did not contain a matching IP (contained '" + ipAddressToken + "')");
}
return super.processAutoLoginCookie(Arrays.copyOf(cookieTokens,
cookieTokens.length - 1), request, response);
} finally {
setContext(null);
}
}
示例10: decodeCookie
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
@Override
protected String[] decodeCookie(String cookieValue) throws InvalidCookieException {
try {
Claims claims = Jwts.parser()
.setSigningKey(getKey())
.parseClaimsJws(cookieValue)
.getBody();
return new String[] { claims.getId(), claims.getSubject() };
} catch (JwtException e) {
LOGGER.warn(e.getMessage());
throw new InvalidCookieException(e.getMessage());
}
}
开发者ID:springuni,项目名称:springuni-particles,代码行数:15,代码来源:PersistentJwtTokenBasedRememberMeServices.java
示例11: getPersistentToken
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* Validate the token and return it.
*/
private Token getPersistentToken(String[] cookieTokens) {
if (cookieTokens.length != 2) {
throw new InvalidCookieException("Cookie token did not contain " + 2 +
" tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
}
final String presentedSeries = cookieTokens[0];
final String presentedToken = cookieTokens[1];
Token token = null;
try {
token = tokenRepo.findOne(presentedSeries);
} catch (DataAccessException e) {
log.error("Error to access database", e );
}
if (token == null) {
// No series match, so we can't authenticate using this cookie
throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
}
// We have a match for this user/series combination
log.info("presentedToken={} / tokenValue={}", presentedToken, token.getValue());
if (!presentedToken.equals(token.getValue())) {
// Token doesn't match series value. Delete this session and throw an exception.
tokenRepo.delete(token.getSeries());
throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.");
}
if (DateUtils.addDays(token.getDate(), TOKEN_VALIDITY_DAYS).before(new Date())) {
tokenRepo.delete(token.getSeries());
throw new RememberMeAuthenticationException("Remember-me login has expired");
}
return token;
}
示例12: getPersistentToken
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* Validate the token and return it.
*/
private PersistentToken getPersistentToken(String[] cookieTokens) {
if (cookieTokens.length != 2) {
throw new InvalidCookieException("Cookie token did not contain " + 2 +
" tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
}
String presentedSeries = cookieTokens[0];
String presentedToken = cookieTokens[1];
PersistentToken token = persistentTokenRepository.findOne(presentedSeries);
if (token == null) {
// No series match, so we can't authenticate using this cookie
throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
}
// We have a match for this user/series combination
log.info("presentedToken={} / tokenValue={}", presentedToken, token.getTokenValue());
if (!presentedToken.equals(token.getTokenValue())) {
// Token doesn't match series value. Delete this session and throw an exception.
persistentTokenRepository.delete(token);
throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.");
}
if (token.getTokenDate().plusDays(TOKEN_VALIDITY_DAYS).isBefore(LocalDate.now())) {
persistentTokenRepository.delete(token);
throw new RememberMeAuthenticationException("Remember-me login has expired");
}
return token;
}
示例13: getPersistentToken
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* Validate the token and return it.
*/
private Token getPersistentToken(String[] cookieTokens) {
if (cookieTokens.length != 2) {
throw new InvalidCookieException("Cookie token did not contain " + 2 + " tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
}
final String presentedSeries = cookieTokens[0];
final String presentedToken = cookieTokens[1];
Token token = persistentTokenService.getPersistentToken(presentedSeries);
if (token == null) {
// No series match, so we can't authenticate using this cookie
throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
}
// We have a match for this user/series combination
if (!presentedToken.equals(token.getTokenValue())) {
// This could be caused by the opportunity window where the token just has been refreshed, but
// has not been put into the token cache yet. Invalidate the token and refetch and it the new token value from the db is now returned.
token = persistentTokenService.getPersistentToken(presentedSeries, true); // Note the 'true' here, which invalidates the cache before fetching
if (!presentedToken.equals(token.getTokenValue())) {
// Token doesn't match series value. Delete this session and throw an exception.
persistentTokenService.delete(token);
throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.");
}
}
if (new Date().getTime() - token.getTokenDate().getTime() > tokenMaxAgeInMilliseconds) {
throw new RememberMeAuthenticationException("Remember-me login has expired");
}
return token;
}
示例14: getPersistentToken
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* Validate the token and return it.
*/
private PersistentToken getPersistentToken(String[] cookieTokens) {
if (cookieTokens.length != 2) {
throw new InvalidCookieException("Cookie token did not contain " + 2 +
" tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
}
String presentedSeries = cookieTokens[0];
String presentedToken = cookieTokens[1];
PersistentToken token = persistentTokenRepository.findOne(presentedSeries);
if (token == null) {
// No series match, so we can't authenticate using this cookie
throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
}
// We have a match for this user/series combination
log.info("presentedToken={} / tokenValue={}", presentedToken, token.getTokenValue());
if (!presentedToken.equals(token.getTokenValue())) {
// Token doesn't match series value. Delete this session and throw an exception.
persistentTokenRepository.delete(token);
throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous " +
"cookie theft attack.");
}
if (token.getTokenDate().plusDays(TOKEN_VALIDITY_DAYS).isBefore(LocalDate.now())) {
persistentTokenRepository.delete(token);
throw new RememberMeAuthenticationException("Remember-me login has expired");
}
return token;
}
开发者ID:TransparencyInternationalEU,项目名称:lobbycal,代码行数:33,代码来源:CustomPersistentRememberMeServices.java
示例15: getPersistentToken
import org.springframework.security.web.authentication.rememberme.InvalidCookieException; //导入依赖的package包/类
/**
* Validate the token and return it.
*/
private PersistentToken getPersistentToken(final String[] cookieTokens) {
if (cookieTokens.length != 2) {
throw new InvalidCookieException("Cookie token did not contain " + 2 + " tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
}
String presentedSeries = cookieTokens[0];
String presentedToken = cookieTokens[1];
PersistentToken token = persistentTokenRepository.findOne(presentedSeries);
if (token == null) {
// No series match, so we can't authenticate using this cookie
throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
}
// We have a match for this user/series combination
log.info("presentedToken={} / tokenValue={}", presentedToken, token.getTokenValue());
if (!presentedToken.equals(token.getTokenValue())) {
// Token doesn't match series value. Delete this session and throw
// an exception.
persistentTokenRepository.delete(token);
throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.");
}
if (token.getTokenDate().plusDays(TOKEN_VALIDITY_DAYS).isBefore(LocalDate.now())) {
persistentTokenRepository.delete(token);
throw new RememberMeAuthenticationException("Remember-me login has expired");
}
return token;
}