cbeams/remember-me.diff

## remember-me.diff
commit fd9078803a46a058a97608e1ebae02cc448d8a9a
Author: Chris Beams <chris@beams.io>
Date:   Thu Jun 25 17:24:21 2015 +0200

    Enable remember me authentication

diff --git src/main/java/myapp/config/SecurityConfig.java src/main/java/myapp/config/SecurityConfig.java
index 979ccf4..1e31a77 100644
--- src/main/java/myapp/config/SecurityConfig.java
+++ src/main/java/myapp/config/SecurityConfig.java
@@ -5,12 +5,17 @@ import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+import org.springframework.core.env.Environment;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.csrf.CsrfFilter;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
@@ -32,17 +37,23 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {

     private static Pattern safeMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");

+    private static String rememberMeKey = "redacted";
+
+    @Autowired
+    private Environment env;
+
     @Autowired
     private UserDetailsService userDetailsService;

     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http //@formatter:off
+            .httpBasic()
+                .addObjectPostProcessor(new RememberMeProcessor(rememberMeServices()));
+        http
             .headers()
                 .cacheControl().disable()
                 .and()
-            .httpBasic()
-                .and()
             .authorizeRequests()
                 .antMatchers("/api/users").permitAll()
                 .requestMatchers(this::unsafeHttpMethods).authenticated()
@@ -51,12 +62,25 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {
             .csrf()
                 .csrfTokenRepository(csrfTokenRepository())
                 .and()
+            .rememberMe()
+                .key(rememberMeKey)
+                .rememberMeServices(rememberMeServices())
+                .and()
             .logout()
                 .logoutUrl("/signout")
                 .logoutSuccessUrl("/api/principal?signedout")
         ;    //@formatter:on
     }

+    @Bean
+    public RememberMeServices rememberMeServices() throws Exception {
+        TokenBasedRememberMeServices rms = new TokenBasedRememberMeServices(rememberMeKey, userDetailsService);
+        rms.setAlwaysRemember(true);
+        rms.setCookieName("signin");
+        rms.setUseSecureCookie(env.acceptsProfiles("cloud"));
+        return rms;
+    }
+
     @Override
     public void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth
@@ -100,4 +124,21 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {
             filterChain.doFilter(request, response);
         }
     }
+
+
+    static class RememberMeProcessor implements ObjectPostProcessor<Object> {
+
+        private final RememberMeServices rememberMeServices;
+
+        private RememberMeProcessor(RememberMeServices rememberMeServices) {
+            this.rememberMeServices = rememberMeServices;
+        }
+
+        @Override
+        public <T> T postProcess(T object) {
+            if (object instanceof BasicAuthenticationFilter)
+                ((BasicAuthenticationFilter) object).setRememberMeServices(rememberMeServices);
+            return object;
+        }
+    }
 }
diff --git src/main/resources/application.yml src/main/resources/application.yml
index 043bca7..6fe4334 100644
--- src/main/resources/application.yml
+++ src/main/resources/application.yml
@@ -3,6 +3,7 @@ spring.jpa.hibernate.ddl-auto: validate
 logging.level.root: WARN
 logging.level.myapp: INFO
 logging.level.org.springframework: WARN
+logging.level.org.springframework.security.web.authentication.rememberme: DEBUG
 logging.level.org.hibernate.SQL: WARN

 server.tomcat.compression: on
	commit fd9078803a46a058a97608e1ebae02cc448d8a9a
	Author: Chris Beams <chris@beams.io>
	Date: Thu Jun 25 17:24:21 2015 +0200

	Enable remember me authentication

	diff --git src/main/java/myapp/config/SecurityConfig.java src/main/java/myapp/config/SecurityConfig.java
	index 979ccf4..1e31a77 100644
	--- src/main/java/myapp/config/SecurityConfig.java
	+++ src/main/java/myapp/config/SecurityConfig.java
	@@ -5,12 +5,17 @@ import org.springframework.boot.autoconfigure.security.SecurityProperties;
	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;
	import org.springframework.core.annotation.Order;
	+import org.springframework.core.env.Environment;
	+import org.springframework.security.config.annotation.ObjectPostProcessor;
	import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
	import org.springframework.security.config.annotation.web.builders.HttpSecurity;
	import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
	import org.springframework.security.core.userdetails.UserDetailsService;
	import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
	import org.springframework.security.crypto.password.PasswordEncoder;
	+import org.springframework.security.web.authentication.RememberMeServices;
	+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
	+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
	import org.springframework.security.web.csrf.CsrfFilter;
	import org.springframework.security.web.csrf.CsrfToken;
	import org.springframework.security.web.csrf.CsrfTokenRepository;
	@@ -32,17 +37,23 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {

	private static Pattern safeMethods = Pattern.compile("^(GET\|HEAD\|TRACE\|OPTIONS)$");

	+ private static String rememberMeKey = "redacted";
	+
	+ @Autowired
	+ private Environment env;
	+
	@Autowired
	private UserDetailsService userDetailsService;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	http //@formatter:off
	+ .httpBasic()
	+ .addObjectPostProcessor(new RememberMeProcessor(rememberMeServices()));
	+ http
	.headers()
	.cacheControl().disable()
	.and()
	- .httpBasic()
	- .and()
	.authorizeRequests()
	.antMatchers("/api/users").permitAll()
	.requestMatchers(this::unsafeHttpMethods).authenticated()
	@@ -51,12 +62,25 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {
	.csrf()
	.csrfTokenRepository(csrfTokenRepository())
	.and()
	+ .rememberMe()
	+ .key(rememberMeKey)
	+ .rememberMeServices(rememberMeServices())
	+ .and()
	.logout()
	.logoutUrl("/signout")
	.logoutSuccessUrl("/api/principal?signedout")
	; //@formatter:on
	}

	+ @Bean
	+ public RememberMeServices rememberMeServices() throws Exception {
	+ TokenBasedRememberMeServices rms = new TokenBasedRememberMeServices(rememberMeKey, userDetailsService);
	+ rms.setAlwaysRemember(true);
	+ rms.setCookieName("signin");
	+ rms.setUseSecureCookie(env.acceptsProfiles("cloud"));
	+ return rms;
	+ }
	+
	@Override
	public void configure(AuthenticationManagerBuilder auth) throws Exception {
	auth
	@@ -100,4 +124,21 @@ class SecurityConfig extends WebSecurityConfigurerAdapter {
	filterChain.doFilter(request, response);
	}
	}
	+
	+
	+ static class RememberMeProcessor implements ObjectPostProcessor<Object> {
	+
	+ private final RememberMeServices rememberMeServices;
	+
	+ private RememberMeProcessor(RememberMeServices rememberMeServices) {
	+ this.rememberMeServices = rememberMeServices;
	+ }
	+
	+ @Override
	+ public <T> T postProcess(T object) {
	+ if (object instanceof BasicAuthenticationFilter)
	+ ((BasicAuthenticationFilter) object).setRememberMeServices(rememberMeServices);
	+ return object;
	+ }
	+ }
	}
	diff --git src/main/resources/application.yml src/main/resources/application.yml
	index 043bca7..6fe4334 100644
	--- src/main/resources/application.yml
	+++ src/main/resources/application.yml
	@@ -3,6 +3,7 @@ spring.jpa.hibernate.ddl-auto: validate
	logging.level.root: WARN
	logging.level.myapp: INFO
	logging.level.org.springframework: WARN
	+logging.level.org.springframework.security.web.authentication.rememberme: DEBUG
	logging.level.org.hibernate.SQL: WARN

	server.tomcat.compression: on