/**
 * Rebuilds a {@link PersistentLogin} from the encrypted remember-me cookie value.
 *
 * <p>The value is decrypted with {@code encryptor} and then split on
 * {@code SERIALIZED_LOGIN_SEPARATOR}. Exactly three fields are expected, in this order:
 * login ID, profile ID, token.
 *
 * <p>NOTE(review): the returned object only reflects what the client sent. Whether
 * {@code encryptor.decrypt} also authenticates the ciphertext is not visible here, so the
 * ID, profile ID and token should be treated as unverified until they have been compared
 * with the server-side record.
 *
 * @param serializedLogin the encrypted cookie value
 * @return a login populated with the ID, profile ID and token from the cookie
 * @throws InvalidCookieException if the decrypted value does not split into three fields
 * @throws RememberMeException if the value cannot be decrypted
 */
protected PersistentLogin deserializeLogin(String serializedLogin) throws RememberMeException {
    final String plainText;
    try {
        plainText = encryptor.decrypt(serializedLogin);
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to decrypt remember me cookie", e);
    }

    final String[] fields = StringUtils.split(plainText, SERIALIZED_LOGIN_SEPARATOR);

    // Reject anything that is not exactly <id, profileId, token>; a null array means there was nothing to split.
    if (fields == null || fields.length != 3) {
        throw new InvalidCookieException("Invalid format of remember me cookie");
    }

    PersistentLogin parsed = new PersistentLogin();
    parsed.setId(fields[0]);
    parsed.setProfileId(fields[1]);
    parsed.setToken(fields[2]);

    return parsed;
}
/**
 * Produces the encrypted remember-me cookie value for a persistent login.
 *
 * <p>The login ID, profile ID and token are joined, in that order, with
 * {@code SERIALIZED_LOGIN_SEPARATOR}, and the result is encrypted with {@code encryptor}.
 *
 * <p>NOTE(review): the fields are joined without escaping. A field that contains the
 * separator would presumably not split back into three parts on deserialization. Confirm
 * that IDs and tokens can never contain it.
 *
 * @param login the persistent login whose ID, profile ID and token are written to the cookie
 * @return the encrypted cookie value
 * @throws RememberMeException if encryption fails
 */
protected String serializeLogin(PersistentLogin login) throws RememberMeException {
    final String plainText = new StringBuilder()
        .append(login.getId())
        .append(SERIALIZED_LOGIN_SEPARATOR)
        .append(login.getProfileId())
        .append(SERIALIZED_LOGIN_SEPARATOR)
        .append(login.getToken())
        .toString();

    try {
        return encryptor.encrypt(plainText);
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to encrypt remember me cookie", e);
    }
}
/**
 * Disables remember-me for the persistent login carried by the current request's cookie.
 *
 * <p>If no persistent login can be read from the request, nothing is done. Otherwise the
 * call is delegated to {@code disableRememberMe(String, RequestContext)} with the login ID
 * taken from the cookie.
 *
 * @param context the current request context
 * @throws RememberMeException if reading the cookie or disabling the login fails
 */
@Override
public void disableRememberMe(RequestContext context) throws RememberMeException {
    PersistentLogin cookieLogin = getPersistentLoginFromCookie(context.getRequest());
    if (cookieLogin == null) {
        // No remember-me cookie on this request, so there is nothing to disable.
        return;
    }

    disableRememberMe(cookieLogin.getId(), context);
}
actualLogin = authenticationService.getPersistentLogin(login.getId()); } catch (ProfileException e) { throw new RememberMeException("Error retrieving persistent login '" + login.getProfileId() + "'"); if (!login.getProfileId().equals(actualLogin.getProfileId())) { throw new InvalidCookieException("Profile ID mismatch"); } else if (!login.getToken().equals(actualLogin.getToken())) { throw new CookieTheftException("Token mismatch. Implies a cookie theft"); } else { String loginId = actualLogin.getId(); String profileId = actualLogin.getProfileId(); logger.debug("No persistent login found for ID '{}' (has possibly expired)", login.getId());