Class DefaultAnonymousConversationServices

java.lang.Object
com.flowable.engage.rest.service.api.conversation.anonymous.security.DefaultAnonymousConversationServices
All Implemented Interfaces:
AnonymousConversationServices, org.springframework.beans.factory.InitializingBean, org.springframework.security.web.authentication.logout.LogoutHandler

public class DefaultAnonymousConversationServices
extends java.lang.Object
implements AnonymousConversationServices, org.springframework.security.web.authentication.logout.LogoutHandler, org.springframework.beans.factory.InitializingBean
Author:
Filip Hrisafov
  • Field Summary

    Fields 
    Modifier and Type Field Description
    protected AnonymousConversationProvider anonymousConversationProvider  
    protected org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​?> authenticationDetailsSource  
    protected org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper  
    protected ConversationService conversationService  
    protected java.lang.String cookieDomain  
    protected int cookieMaxAgeInSeconds  
    protected java.lang.String cookieName  
    protected static java.lang.String DELIMITER  
    protected java.lang.String key  
    protected org.slf4j.Logger logger  
    protected org.springframework.security.core.userdetails.UserDetailsChecker userDetailsChecker  
  • Constructor Summary

    Constructors 
    Constructor Description
    DefaultAnonymousConversationServices​(ConversationService conversationService, java.lang.String key, AnonymousConversationProvider anonymousConversationProvider)  
  • Method Summary

    Modifier and Type Method Description
    protected void addCookie​(java.lang.String conversationId, java.lang.String userId, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
    void afterPropertiesSet()  
    org.springframework.security.core.Authentication autoLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
    protected static byte[] bytesUtf8​(java.lang.String s)  
    protected void cancelCookie​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
    protected Conversation createConversation​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
    protected java.lang.String createSignature​(java.lang.String userId, java.lang.String conversationId)  
    protected org.springframework.security.core.Authentication createSuccessfulAuthentication​(javax.servlet.http.HttpServletRequest request, org.springframework.security.core.userdetails.UserDetails user)
    Creates the final Authentication object returned from the autoLogin method.
    protected org.springframework.security.core.userdetails.UserDetails createUserDetails​(java.lang.String userId, Conversation conversation)  
    protected java.lang.String[] decodeCookie​(java.lang.String cookieValue)
    Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
    protected java.lang.String encodeCookie​(java.lang.String[] cookieTokens)
    Inverse operation of decodeCookie.
    protected static boolean equals​(java.lang.String expected, java.lang.String actual)
    Constant-time comparison to protect against timing attacks.
    protected java.lang.String extractAnonymousConversationCookie​(javax.servlet.http.HttpServletRequest request)
    Locates the Spring Security remember me cookie in the request and returns its value.
    org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​?> getAuthenticationDetailsSource()  
    org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper getAuthoritiesMapper()  
    java.lang.String getCookieDomain()  
    int getCookieMaxAgeInSeconds()  
    java.lang.String getCookieName()  
    java.lang.String getKey()  
    protected ConversationHolder getOrCreateConversation​(java.lang.String userId, java.lang.String conversationId, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
    ConversationHolder getOrCreateConversation​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
    org.springframework.security.core.userdetails.UserDetailsChecker getUserDetailsChecker()  
    void loginFail​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
    void loginSuccess​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)  
    void logout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)  
    protected void onLoginFail​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
    protected org.springframework.security.core.userdetails.UserDetails processAutoLoginCookie​(java.lang.String[] cookieTokens, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Called from autoLogin to process the submitted persistent login cookie.
    protected void processCreatedConversation​(Conversation conversation, java.lang.String userId, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
    void setAuthenticationDetailsSource​(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​?> authenticationDetailsSource)  
    void setAuthoritiesMapper​(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)  
    protected void setCookie​(java.lang.String[] tokens, int maxAge, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Sets the cookie on the response.
    void setCookieDomain​(java.lang.String cookieDomain)  
    void setCookieMaxAge​(java.time.Duration duration)  
    void setCookieName​(java.lang.String cookieName)  
    void setKey​(java.lang.String key)  
    void setUserDetailsChecker​(org.springframework.security.core.userdetails.UserDetailsChecker userDetailsChecker)  

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet() throws java.lang.Exception
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Throws:
      java.lang.Exception
    • autoLogin

      public org.springframework.security.core.Authentication autoLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Specified by:
      autoLogin in interface AnonymousConversationServices
    • extractAnonymousConversationCookie

      protected java.lang.String extractAnonymousConversationCookie​(javax.servlet.http.HttpServletRequest request)
      Locates the Spring Security remember me cookie in the request and returns its value. The cookie is searched for by name and also by matching the context path to the cookie path.
      Parameters:
      request - the submitted request which is to be authenticated
      Returns:
      the cookie value (if present), null otherwise.
    • createSuccessfulAuthentication

      protected org.springframework.security.core.Authentication createSuccessfulAuthentication​(javax.servlet.http.HttpServletRequest request, org.springframework.security.core.userdetails.UserDetails user)
      Creates the final Authentication object returned from the autoLogin method.

      By default it will create a RememberMeAuthenticationToken instance.

      Parameters:
      request - the original request. The configured AuthenticationDetailsSource will use this to build the details property of the returned object.
      user - the UserDetails loaded from the processAutoLoginCookie. This will be stored as the principal.
      Returns:
      the Authentication for the remember-me authenticated user
    • decodeCookie

      protected java.lang.String[] decodeCookie​(java.lang.String cookieValue) throws InvalidCookieException
      Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
      Parameters:
      cookieValue - the value obtained from the submitted cookie
      Returns:
      the array of tokens.
      Throws:
      InvalidCookieException - if the cookie was not base64 encoded.
    • encodeCookie

      protected java.lang.String encodeCookie​(java.lang.String[] cookieTokens)
      Inverse operation of decodeCookie.
      Parameters:
      cookieTokens - the tokens to be encoded.
      Returns:
      base64 encoding of the tokens concatenated with the ":" delimiter.
    • loginFail

      public void loginFail​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Specified by:
      loginFail in interface AnonymousConversationServices
    • onLoginFail

      protected void onLoginFail​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    • loginSuccess

      public void loginSuccess​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
      Specified by:
      loginSuccess in interface AnonymousConversationServices
    • getOrCreateConversation

      public ConversationHolder getOrCreateConversation​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Specified by:
      getOrCreateConversation in interface AnonymousConversationServices
    • getOrCreateConversation

      protected ConversationHolder getOrCreateConversation​(java.lang.String userId, java.lang.String conversationId, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    • processCreatedConversation

      protected void processCreatedConversation​(Conversation conversation, java.lang.String userId, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    • createConversation

      protected Conversation createConversation​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    • addCookie

      protected void addCookie​(java.lang.String conversationId, java.lang.String userId, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    • logout

      public void logout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
      Specified by:
      logout in interface org.springframework.security.web.authentication.logout.LogoutHandler
    • processAutoLoginCookie

      protected org.springframework.security.core.userdetails.UserDetails processAutoLoginCookie​(java.lang.String[] cookieTokens, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws org.springframework.security.core.userdetails.UsernameNotFoundException
      Called from autoLogin to process the submitted persistent login cookie. Subclasses should validate the cookie and perform any additional management required.
      Parameters:
      cookieTokens - the decoded and tokenized cookie value
      request - the request
      response - the response, to allow the cookie to be modified if required.
      Returns:
      the UserDetails for the corresponding user account if the cookie was validated successfully.
      Throws:
      org.springframework.security.core.userdetails.UsernameNotFoundException
    • createSignature

      protected java.lang.String createSignature​(java.lang.String userId, java.lang.String conversationId)
    • createUserDetails

      protected org.springframework.security.core.userdetails.UserDetails createUserDetails​(java.lang.String userId, Conversation conversation)
    • cancelCookie

      protected void cancelCookie​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
    • setCookie

      protected void setCookie​(java.lang.String[] tokens, int maxAge, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Sets the cookie on the response.

      By default a secure cookie will be used if the connection is secure. You can set the useSecureCookie property to false to override this. If you set it to true, the cookie will always be flagged as secure. If Servlet 3.0 is used, the cookie will be marked as HttpOnly.

      Parameters:
      tokens - the tokens which will be encoded to make the cookie value.
      maxAge - the value passed to Cookie.setMaxAge(int)
      request - the request
      response - the response to add the cookie to.
    • getCookieName

      public java.lang.String getCookieName()
    • setCookieName

      public void setCookieName​(java.lang.String cookieName)
    • getCookieDomain

      public java.lang.String getCookieDomain()
    • setCookieDomain

      public void setCookieDomain​(java.lang.String cookieDomain)
    • getKey

      public java.lang.String getKey()
    • setKey

      public void setKey​(java.lang.String key)
    • getCookieMaxAgeInSeconds

      public int getCookieMaxAgeInSeconds()
    • setCookieMaxAge

      public void setCookieMaxAge​(java.time.Duration duration)
    • getUserDetailsChecker

      public org.springframework.security.core.userdetails.UserDetailsChecker getUserDetailsChecker()
    • setUserDetailsChecker

      public void setUserDetailsChecker​(org.springframework.security.core.userdetails.UserDetailsChecker userDetailsChecker)
    • getAuthenticationDetailsSource

      public org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​?> getAuthenticationDetailsSource()
    • setAuthenticationDetailsSource

      public void setAuthenticationDetailsSource​(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​?> authenticationDetailsSource)
    • getAuthoritiesMapper

      public org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper getAuthoritiesMapper()
    • setAuthoritiesMapper

      public void setAuthoritiesMapper​(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)
    • equals

      protected static boolean equals​(java.lang.String expected, java.lang.String actual)
      Constant-time comparison to protect against timing attacks.
    • bytesUtf8

      protected static byte[] bytesUtf8​(java.lang.String s)
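
The cookie handling that decodeCookie, encodeCookie, createSignature and equals describe above, as an added example that is not Flowable's code. The HMAC-SHA256 signature, the token order (userId, conversationId, signature), the class name SignedCookieSketch and all sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not Flowable's implementation. Assumed: HMAC-SHA256 as the
// signature and the token order userId, conversationId, signature.
public class SignedCookieSketch {
    static final String DELIMITER = ":";

    static byte[] bytesUtf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    static String encodeCookie(String[] tokens) {
        for (String t : tokens) // a delimiter inside a token would shift the token boundaries
            if (t.contains(DELIMITER)) throw new IllegalArgumentException("token contains delimiter");
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytesUtf8(String.join(DELIMITER, tokens)));
    }

    static String[] decodeCookie(String cookieValue) {
        byte[] raw = Base64.getUrlDecoder().decode(cookieValue); // IllegalArgumentException if not base64
        return new String(raw, StandardCharsets.UTF_8).split(DELIMITER, -1);
    }

    static String createSignature(String key, String userId, String conversationId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(bytesUtf8(key), "HmacSHA256"));
        byte[] tag = mac.doFinal(bytesUtf8(userId + DELIMITER + conversationId));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Recompute the signature from the submitted ids and compare it in constant time.
    static boolean isValid(String key, String cookieValue) throws Exception {
        String[] t;
        try { t = decodeCookie(cookieValue); } catch (IllegalArgumentException e) { return false; }
        if (t.length != 3) return false;
        String expected = createSignature(key, t[0], t[1]);
        return MessageDigest.isEqual(bytesUtf8(expected), bytesUtf8(t[2]));
    }

    public static void main(String[] args) throws Exception {
        String key = "constructed-demo-key"; // constructed sample values throughout
        String sig = createSignature(key, "anon-42", "conv-1001");
        String cookie = encodeCookie(new String[] {"anon-42", "conv-1001", sig});
        String tampered = encodeCookie(new String[] {"anon-42", "conv-9999", sig});
        System.out.println("untouched cookie valid: " + isValid(key, cookie));
        System.out.println("changed conversationId valid: " + isValid(key, tampered));
        System.out.println("non-base64 value valid: " + isValid(key, "%%%not-base64"));
    }
}
```

Only the untouched cookie validates; a changed conversationId or a value that is not base64 is rejected before any conversation lookup would happen.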