diff --git a/core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java b/core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java
index 4f56158e50..5554e80661 100644
--- a/core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java
+++ b/core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java
@@ -264,28 +264,40 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
protected abstract UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
HttpServletResponse response) throws RememberMeAuthenticationException, UsernameNotFoundException;
+ /**
+ * Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
+ *
+ * @param request
+ * @param response
+ */
protected void cancelCookie(HttpServletRequest request, HttpServletResponse response) {
logger.debug("Cancelling cookie");
-
- response.addCookie(makeCancelCookie(request));
- }
-
- protected Cookie makeCancelCookie(HttpServletRequest request) {
Cookie cookie = new Cookie(cookieName, null);
cookie.setMaxAge(0);
cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");
- return cookie;
+ response.addCookie(cookie);
}
- protected Cookie makeValidCookie(String value, HttpServletRequest request, int maxAge) {
- Cookie cookie = new Cookie(cookieName, value);
+ /**
+ * Sets the cookie on the response
+ *
+ * @param tokens the tokens which will be encoded to make the cookie value.
+ * @param maxAge the value passed to {@link Cookie#setMaxAge(int)}
+ * @param request the request
+ * @param response the response to add the cookie to.
+ */
+ protected void setCookie(String[] tokens, int maxAge, HttpServletRequest request, HttpServletResponse response) {
+ String cookieValue = encodeCookie(tokens);
+ Cookie cookie = new Cookie(cookieName, cookieValue);
cookie.setMaxAge(maxAge);
cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");
-
- return cookie;
+ response.addCookie(cookie);
}
+ /**
+ * Implementation of LogoutHandler. Default behaviour is to call cancelCookie().
+ */
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
if (logger.isDebugEnabled()) {
logger.debug( "Logout of user "
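Review bot: `setCookie` adds the remember-me cookie without a Secure attribute, so on an HTTPS deployment the long-lived token is also transmitted with any plain-HTTP request to the same host; `cancelCookie` leaves the attribute unset as well. A minimal fix is `cookie.setSecure(request.isSecure());` before each `response.addCookie(cookie);`, ideally paired with a configurable flag on the service so deployments behind a TLS-terminating proxy (where `isSecure()` may report false) can force it on. Separately, the new Javadoc on `cancelCookie` has empty `@param request` and `@param response` tags; suggest `@param request the current request, used to derive the cookie path` and `@param response the response the cancel cookie is added to`. The `logout` method at the end of the hunk continues outside it.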
diff --git a/core/src/main/java/org/springframework/security/ui/rememberme/PersistentTokenBasedRememberMeServices.java b/core/src/main/java/org/springframework/security/ui/rememberme/PersistentTokenBasedRememberMeServices.java
index ba460f99e2..88ee6b5b8b 100644
--- a/core/src/main/java/org/springframework/security/ui/rememberme/PersistentTokenBasedRememberMeServices.java
+++ b/core/src/main/java/org/springframework/security/ui/rememberme/PersistentTokenBasedRememberMeServices.java
@@ -151,8 +151,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
}
private void addCookie(PersistentRememberMeToken token, HttpServletRequest request, HttpServletResponse response) {
- String cookieValue = encodeCookie(new String[] {token.getSeries(), token.getTokenValue()});
- response.addCookie(makeValidCookie(cookieValue, request, getTokenValiditySeconds()));
+ setCookie(new String[] {token.getSeries(), token.getTokenValue()},getTokenValiditySeconds(), request, response);
}
public void setTokenRepository(PersistentTokenRepository tokenRepository) {
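Review bot: The new `setCookie(...)` call in `addCookie` is missing the space after the array literal, which is inconsistent with the argument spacing used elsewhere in this file. Suggest `setCookie(new String[] {token.getSeries(), token.getTokenValue()}, getTokenValiditySeconds(), request, response);`.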
diff --git a/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java b/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
index 31085daff0..3ea087b93c 100644
--- a/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
+++ b/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
@@ -162,9 +162,8 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
long expiryTime = System.currentTimeMillis() + 1000*tokenLifetime;
String signatureValue = makeTokenSignature(expiryTime, username, password);
- String cookieValue = encodeCookie(new String[] {username, Long.toString(expiryTime), signatureValue});
- response.addCookie(makeValidCookie(cookieValue, request, tokenLifetime));
+ setCookie(new String[] {username, Long.toString(expiryTime), signatureValue}, tokenLifetime, request, response);
if (logger.isDebugEnabled()) {
logger.debug("Added remember-me cookie for user '" + username + "', expiry: '"
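Review bot: Because `tokenLifetime` is passed directly as the `int maxAge` argument of the new `setCookie(...)` call, it must be an int, so the expression `1000*tokenLifetime` on the first context line is evaluated in int arithmetic and overflows for lifetimes above 2147483 seconds (roughly 24.8 days); the resulting `expiryTime` is then signed into the cookie and would disagree with the cookie's own maxAge. The commit touches this method but leaves that line alone; suggest `long expiryTime = System.currentTimeMillis() + 1000L * tokenLifetime;`. The enclosing method starts before the hunk and its body continues after it.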
diff --git a/core/src/test/java/org/springframework/security/ui/rememberme/AbstractRememberMeServicesTests.java b/core/src/test/java/org/springframework/security/ui/rememberme/AbstractRememberMeServicesTests.java
index 77393ce7b7..5ea623f2f7 100644
--- a/core/src/test/java/org/springframework/security/ui/rememberme/AbstractRememberMeServicesTests.java
+++ b/core/src/test/java/org/springframework/security/ui/rememberme/AbstractRememberMeServicesTests.java
@@ -206,16 +206,23 @@ public class AbstractRememberMeServicesTests {
}
@Test
- public void makeValidCookieUsesCorrectNamePathAndValue() {
+ public void setCookieUsesCorrectNamePathAndValue() {
MockHttpServletRequest request = new MockHttpServletRequest();
+ MockHttpServletResponse response = new MockHttpServletResponse();
request.setContextPath("contextpath");
- MockRememberMeServices services = new MockRememberMeServices();
+ MockRememberMeServices services = new MockRememberMeServices() {
+ protected String encodeCookie(String[] cookieTokens) {
+ return cookieTokens[0];
+ }
+ };
services.setCookieName("mycookiename");
- Cookie cookie = services.makeValidCookie("mycookie", request, 1000);
+ services.setCookie(new String[] {"mycookie"}, 1000, request, response);
+ Cookie cookie = response.getCookie("mycookiename");
- assertTrue(cookie.getValue().equals("mycookie"));
- assertTrue(cookie.getName().equals("mycookiename"));
- assertTrue(cookie.getPath().equals("contextpath"));
+ assertNotNull(cookie);
+ assertEquals("mycookie", cookie.getValue());
+ assertEquals("mycookiename", cookie.getName());
+ assertEquals("contextpath", cookie.getPath());
}