javax.security.enterprise.credential.RememberMeCredential Java Examples

The following examples show how to use javax.security.enterprise.credential.RememberMeCredential. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JwtRememberMeIdentityStore.java    From javaee8-jaxrs-sample with GNU General Public License v3.0 5 votes vote down vote up 
@Override
public CredentialValidationResult validate(RememberMeCredential rememberMeCredential) {
    try {
        if (tokenProvider.validateToken(rememberMeCredential.getToken())) {
            JwtCredential credential = tokenProvider.getCredential(rememberMeCredential.getToken());
            return new CredentialValidationResult(credential.getPrincipal(), credential.getAuthorities());
        }
        // if token invalid, response with invalid result status
        return INVALID_RESULT;
    } catch (ExpiredJwtException eje) {
        LOGGER.log(Level.INFO, "Security exception for user {0} - {1}", new Object[]{eje.getClaims().getSubject(), eje.getMessage()});
        return INVALID_RESULT;
    }
}
Example #2
Source File: RememberMeInterceptor.java    From tomee with Apache License 2.0 5 votes vote down vote up 
private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];

    final RememberMe rememberMe = getRememberMe();
    final Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());

    if (cookie.isPresent()) {
        final RememberMeCredential rememberMeCredential = new RememberMeCredential(cookie.get().getValue());
        final CredentialValidationResult validate = rememberMeIdentityStore.get().validate(rememberMeCredential);

        if (VALID.equals(validate.getStatus())) {
            return httpMessageContext.notifyContainerAboutLogin(validate);
        } else {
            cookie.get().setMaxAge(0);
            httpMessageContext.getResponse().addCookie(cookie.get());
        }
    }

    final AuthenticationStatus status = (AuthenticationStatus) invocationContext.proceed();

    if (SUCCESS.equals(status) && rememberMe.isRememberMe()) {
        final CallerPrincipal principal = new CallerPrincipal(httpMessageContext.getCallerPrincipal().getName());
        final Set<String> groups = httpMessageContext.getGroups();
        final String loginToken = rememberMeIdentityStore.get().generateLoginToken(principal, groups);

        final Cookie rememberMeCookie = new Cookie(rememberMe.cookieName(), loginToken);
        rememberMeCookie.setMaxAge(rememberMe.cookieMaxAgeSeconds());
        rememberMeCookie.setHttpOnly(rememberMe.cookieHttpOnly());
        rememberMeCookie.setSecure(rememberMe.cookieSecureOnly());
        httpMessageContext.getResponse().addCookie(rememberMeCookie);
    }

    return status;
}
Example #3
Source File: CustomRememberMeIdentityStore.java    From javaee8-jsf-sample with GNU General Public License v3.0 4 votes vote down vote up 
@Override
public CredentialValidationResult validate(RememberMeCredential credential) {
    return users.findByLoginToken(credential.getToken(), REMEMBER_ME)
            .map(u -> new CredentialValidationResult(new CallerPrincipal(u.getUsername()), u.getRoles()))
            .orElse(INVALID_RESULT);
}
Example #4
Source File: RememberMeIdentityStore.java    From tomee with Apache License 2.0 votes vote down vote up 
CredentialValidationResult validate(RememberMeCredential credential);