Merge branch 'master' of github.com:jenkinsci/jenkins

638e04e0 · Jesse Glick · c4c2ad2f · 0b5a4a35 · 638e04e0 · 638e04e0
隐藏空白更改
内联并排

Showing with 42 addition and 0 deletion

changelog.html changelog.html +4 -0

core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java ...n/java/hudson/security/TokenBasedRememberMeServices2.java +38 -0

未找到文件。
--- a/changelog.html
+++ b/changelog.html
@@ -61,6 +61,10 @@ Upcoming changes</a>
  <li class=bug>
    Run parameters do not support folders.
    (<a href="https://issues.jenkins-ci.org/browse/JENKINS-16462">issue 16462</a>)
+  <li class=bug>
+    Fixed RememberMe cookie signature generation.
+    (<a href="https://issues.jenkins-ci.org/browse/JENKINS-16278">issue 16278</a>)
+    
 </ul>
 </div><!--=TRUNK-END=-->


--- a/core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
+++ b/core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
@@ -23,10 +23,17 @@
 */
 package hudson.security;

+import java.util.Date;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import jenkins.security.HMACConfidentialKey;
 import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
 import org.acegisecurity.userdetails.UserDetails;
 import org.acegisecurity.Authentication;
+import org.apache.commons.codec.binary.Base64;
+import org.springframework.util.Assert;

 /**
 * {@link TokenBasedRememberMeServices} with modification so as not to rely
@@ -51,6 +58,37 @@ public class TokenBasedRememberMeServices2 extends TokenBasedRememberMeServices
        return "N/A";
    }

+    @Override
+	public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication successfulAuthentication) {
+		// Exit if the principal hasn't asked to be remembered
+		if (!rememberMeRequested(request, getParameter())) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("Did not send remember-me cookie (principal did not set parameter '" +
+						getParameter() + "')");
+			}
+
+			return;
+		}
+
+		Assert.notNull(successfulAuthentication.getPrincipal());
+		Assert.notNull(successfulAuthentication.getCredentials());
+		Assert.isInstanceOf(UserDetails.class, successfulAuthentication.getPrincipal());
+
+		long expiryTime = System.currentTimeMillis() + (tokenValiditySeconds * 1000);
+		String username = ((UserDetails) successfulAuthentication.getPrincipal()).getUsername();
+
+		String signatureValue = makeTokenSignature(expiryTime, (UserDetails)successfulAuthentication.getPrincipal());
+		String tokenValue = username + ":" + expiryTime + ":" + signatureValue;
+		String tokenValueBase64 = new String(Base64.encodeBase64(tokenValue.getBytes()));
+		response.addCookie(makeValidCookie(tokenValueBase64, request, tokenValiditySeconds));
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryTime)
+							+ "'");
+		}
+	}
+
    /**
     * Used to compute the token signature securely.
     */