Package org.springframework.security.web.authentication.rememberme

Examples of org.springframework.security.web.authentication.rememberme.CookieTheftException

170
171
172
173
174
175
176
177
178
179
180
        // We have a match for this user/series combination
        log.info("presentedToken={} / tokenValue={}", presentedToken, token.getTokenValue());
        if (!presentedToken.equals(token.getTokenValue())) {
            // Token doesn't match series value. Delete this session and throw an exception.
            persistentTokenRepository.delete(token);
            throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.");
        }

        if (token.getTokenDate().plusDays(TOKEN_VALIDITY_DAYS).isBefore(LocalDate.now())) {
            persistentTokenRepository.delete(token);
            throw new RememberMeAuthenticationException("Remember-me login has expired");
View Full Code Here
82
83
84
85
86
87
88
89
90
91
92
          if(tokenSignature==null||!tokenSignature.equals(token.getTokenValue())){
//          if (!presentedToken.equals(token.getTokenValue())) {
              // Token doesn't match series value. Delete all logins for this user and throw an exception to warn them.
              tokenRepository.removeUserTokens(token.getUsername());

              throw new CookieTheftException(messages.getMessage("PersistentTokenBasedRememberMeServices.cookieStolen",
                      "Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack."));
          }

          if (token.getDate().getTime() + getTokenValiditySeconds()*1000L < System.currentTimeMillis()) {
              throw new RememberMeAuthenticationException("Remember-me login has expired");
View Full Code Here
170
171
172
173
174
175
176
177
178
179
180
        // We have a match for this user/series combination
        log.info("presentedToken={} / tokenValue={}", presentedToken, token.getTokenValue());
        if (!presentedToken.equals(token.getTokenValue())) {
            // Token doesn't match series value. Delete this session and throw an exception.
            persistentTokenRepository.delete(token);
            throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.");
        }

        if (token.getTokenDate().plusDays(TOKEN_VALIDITY_DAYS).isBefore(LocalDate.now())) {
            persistentTokenRepository.delete(token);
            throw new RememberMeAuthenticationException("Remember-me login has expired");
View Full Code Here
TOP

Related Classes of org.springframework.security.web.authentication.rememberme.CookieTheftException

  • com.mycompany.myapp.security.CustomPersistentRememberMeServices
  • com.narirelays.ems.security.PersistentIPTokenBasedRememberMeServices
  • CustomPersistentRememberMeServices
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.