dashboard improvements

dimafeng · Jun 18, 2015 · 6672abfa97636974162f48cc0a9e0c908c6e2a70 · 6672abf
1 parent ef0d2ad
commit 6672abfa97636974162f48cc0a9e0c908c6e2a70
diff --git a/myApp/www/js/controllers.js b/myApp/www/js/controllers.js
@@ -102,7 +102,9 @@ angular.module('starter.controllers', [])
     })
     .controller('LoginCtrl', function ($scope, $timeout, UserService, $rootScope) {
 
-        $scope.loginData = {};
+        $scope.loginData = {
+            "remember-me": true
+        };
 
         $scope.doLogin = function () {
             UserService.login($scope.loginData).then(function () {

diff --git a/server/src/main/java/com/dimafeng/cards/config/AppSecurityConfig.java b/server/src/main/java/com/dimafeng/cards/config/AppSecurityConfig.java
@@ -9,15 +9,16 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
 import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.RememberMeAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
-import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
-import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
+import org.springframework.security.web.authentication.rememberme.*;
 
 import javax.servlet.http.HttpServletResponse;
 import java.io.PrintWriter;
@@ -26,20 +27,21 @@
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(securedEnabled = true)
 //@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
-public class AppSecurityConfig extends WebSecurityConfigurerAdapter
-{
+public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
+
     @Autowired
     UserService userService;
 
     @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
-    {
+    PersistentTokenRepository repository;
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
         auth.userDetailsService(userService).passwordEncoder(userService);
     }
 
     @Override
-    protected void configure(HttpSecurity http) throws Exception
-    {
+    protected void configure(HttpSecurity http) throws Exception {
         http
                 /**
                  * TODO enable csrf
@@ -77,7 +79,10 @@ protected void configure(HttpSecurity http) throws Exception
                          * marked by @Secured annotation, we don't need to redirect request to
                          * /login page, we just need to return 403 error code
                          */
-                .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
+                .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint())
+                .and()
+                .rememberMe()
+                .tokenRepository(repository);
     }
 
 }
diff --git a/server/src/main/java/com/dimafeng/cards/model/Token.java b/server/src/main/java/com/dimafeng/cards/model/Token.java
@@ -0,0 +1,31 @@
+package com.dimafeng.cards.model;
+
+import org.springframework.data.annotation.Id;
+import org.springframework.data.annotation.PersistenceConstructor;
+import org.springframework.data.mongodb.core.index.CompoundIndex;
+import org.springframework.data.mongodb.core.index.CompoundIndexes;
+import org.springframework.data.mongodb.core.mapping.Document;
+import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
+
+import java.util.Date;
+
+@Document
+@CompoundIndexes({
+        @CompoundIndex(name = "i_username", def = "{'username': 1}"),
+        @CompoundIndex(name = "i_series", def = "{'series': 1}")
+})
+public class Token extends PersistentRememberMeToken {
+
+    @Id
+    private final String id;
+
+    @PersistenceConstructor
+    public Token(String id, String username, String series, String tokenValue, Date date) {
+        super(username, series, tokenValue, date);
+        this.id = id;
+    }
+
+    public String getId() {
+        return id;
+    }
+}
diff --git a/server/src/main/java/com/dimafeng/cards/repository/TokenRepository.java b/server/src/main/java/com/dimafeng/cards/repository/TokenRepository.java
@@ -0,0 +1,9 @@
+package com.dimafeng.cards.repository;
+
+import com.dimafeng.cards.model.Token;
+import org.springframework.data.mongodb.repository.MongoRepository;
+
+public interface TokenRepository extends MongoRepository<Token, String> {
+    Token findBySeries(String series);
+    Token findByUsername(String username);
+}
diff --git a/server/src/main/java/com/dimafeng/cards/service/TokenService.java b/server/src/main/java/com/dimafeng/cards/service/TokenService.java
@@ -0,0 +1,45 @@
+package com.dimafeng.cards.service;
+
+import com.dimafeng.cards.model.Token;
+import com.dimafeng.cards.repository.TokenRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
+import org.springframework.stereotype.Component;
+
+import java.util.Date;
+
+@Component
+public class TokenService implements PersistentTokenRepository {
+
+    @Autowired
+    TokenRepository repository;
+
+    @Override
+    public void createNewToken(PersistentRememberMeToken token) {
+        repository.save(new Token(null,
+                token.getUsername(),
+                token.getSeries(),
+                token.getTokenValue(),
+                token.getDate()));
+    }
+
+    @Override
+    public void updateToken(String series, String tokenValue, Date lastUsed) {
+        Token token = repository.findBySeries(series);
+        repository.save(new Token(token.getId(), token.getUsername(), series, tokenValue, lastUsed));
+    }
+
+    @Override
+    public PersistentRememberMeToken getTokenForSeries(String seriesId) {
+        return repository.findBySeries(seriesId);
+    }
+
+    @Override
+    public void removeUserTokens(String username) {
+        Token token = repository.findByUsername(username);
+        repository.save(token);
+    }
+
+
+}