1   package com.atlassian.seraph.service.rememberme;
2   
3   import com.atlassian.seraph.config.SecurityConfig;
4   import com.atlassian.seraph.config.SecurityConfigFactory;
5   import com.atlassian.seraph.spi.rememberme.RememberMeConfiguration;
6   import org.apache.commons.lang.StringUtils;
7   
8   import javax.servlet.http.HttpServletRequest;
9   
/**
 * The default implementation of {@link com.atlassian.seraph.spi.rememberme.RememberMeConfiguration}.
 * <p>
 * Every cookie attribute is either read from the supplied {@link SecurityConfig} or hard-coded here.
 * The defaults favour backwards compatibility over hardening: {@link #isCookieHttpOnly()} is always
 * {@code false}, and whether the cookie is marked insecure depends entirely on the Seraph configuration.
 * The Javadoc on this class suggests that applications override these methods to tighten the defaults.
 */
public class DefaultRememberMeConfiguration implements RememberMeConfiguration
{
    /** Fallback cookie lifetime in seconds (14 days), used when no positive age is configured. */
    public static final int TWO_WEEKS = 14 * 24 * 60 * 60;

    private final SecurityConfig config;

    /**
     * Creates a configuration backed by the instance returned from
     * {@link SecurityConfigFactory#getInstance()}.
     */
    public DefaultRememberMeConfiguration()
    {
        this(SecurityConfigFactory.getInstance());
    }

    /**
     * Creates a configuration backed by the given Seraph security configuration.
     *
     * @param config the configuration every getter below reads from; it is stored as-is and not
     *               checked for null, so a null value only fails once a getter dereferences it
     */
    public DefaultRememberMeConfiguration(final SecurityConfig config)
    {
        this.config = config;
    }

    /**
     * An application may need to determine this itself.  See JRA-10508.  By default the value is loaded
     * from the same place that Seraph uses, for backwards compatibility.
     *
     * @return the value of {@link SecurityConfig#isInsecureCookie()}.  Going by the method name,
     *         {@code true} means the remember-me cookie is always issued without the Secure attribute,
     *         i.e. {@link javax.servlet.http.Cookie#setSecure(boolean)} is not called with true.
     *         NOTE(review): the interface contract and the cookie-writing caller are not visible
     *         here; confirm the polarity there before relying on it.
     */
    public boolean isInsecureCookieAlwaysUsed()
    {
        final boolean insecureCookieConfigured = config.isInsecureCookie();
        return insecureCookieConfigured;
    }

    /**
     * By default we take the conservative route and do not use HttpOnly cookies.  An application can
     * decide to make this more secure by returning true.  We had initial troubles in JIRA, hence the
     * conservative default; eventually we want to get around these problems.
     * <p>
     * Security note: while this returns {@code false} the remember-me cookie is not flagged HttpOnly,
     * so script running in the page can read it.  Applications that do not need script access to the
     * cookie should return {@code true} from their own configuration.
     *
     * @return always {@code false} in this default implementation
     */
    public boolean isCookieHttpOnly()
    {
        return false;
    }

    /**
     * @return the remember-me cookie name, taken from {@link SecurityConfig#getLoginCookieKey()}
     */
    public String getCookieName()
    {
        final String cookieName = config.getLoginCookieKey();
        return cookieName;
    }

    /**
     * Returns how long the remember-me cookie should live.
     * <p>
     * A configured age of zero or less is never passed through: it is replaced by {@link #TWO_WEEKS}.
     * A non-positive setting therefore cannot shorten or disable the cookie; it yields a two-week one.
     *
     * @return {@link SecurityConfig#getAutoLoginCookieAge()} when it is positive, otherwise
     *         {@link #TWO_WEEKS}
     */
    public int getCookieMaxAgeInSeconds()
    {
        final int configuredAge = config.getAutoLoginCookieAge();
        return configuredAge > 0 ? configuredAge : TWO_WEEKS;
    }

    /**
     * Returns the domain to put on the remember-me cookie.
     *
     * @param httpServletRequest the current request; not consulted by this implementation
     * @return always {@code null}.  Presumably the caller then sets no Domain attribute, which keeps
     *         the cookie scoped to the issuing host; verify against the caller.
     */
    public String getCookieDomain(final HttpServletRequest httpServletRequest)
    {
        return null;
    }

    /**
     * Returns the path to put on the remember-me cookie.
     * <p>
     * The configured login cookie path wins whenever it is non-null; it is returned unchanged, even
     * if it is empty or blank.  Only when no path is configured is the request's context path used,
     * with {@code "/"} as the fallback for a blank context path (for example the root web
     * application).
     *
     * @param httpServletRequest the current request; only read when no cookie path is configured
     * @return the configured path, else the context path, else {@code "/"}
     */
    public String getCookiePath(final HttpServletRequest httpServletRequest)
    {
        final String configuredPath = config.getLoginCookiePath();
        if (configuredPath == null)
        {
            // Nothing configured: scope the cookie to this web application.
            final String contextPath = httpServletRequest.getContextPath();
            return StringUtils.isBlank(contextPath) ? "/" : contextPath;
        }
        return configuredPath;
    }
}