Class RememberMeCookieTheftExceptionHandler
java.lang.Object
com.broadleafcommerce.auth.authorization.security.rememberme.service.exception.RememberMeCookieTheftExceptionHandler
- All Implemented Interfaces:
UncaughtRememberMeAuthenticationExceptionHandler,org.springframework.core.Ordered
public class RememberMeCookieTheftExceptionHandler
extends Object
implements UncaughtRememberMeAuthenticationExceptionHandler
Handles when a
CookieTheftException is thrown. In the
BroadleafRememberMeAuthenticationFilter and
BroadleafPersistentTokenRememberMeServices implementations, this exception is fully
uncaught and thus requires this high-level component to gracefully handle.-
Field Summary
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE -
Constructor Summary
ConstructorsConstructorDescriptionRememberMeCookieTheftExceptionHandler(org.springframework.security.web.RedirectStrategy redirectStrategy) -
Method Summary
Modifier and TypeMethodDescriptionbooleancanHandle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, org.springframework.security.core.AuthenticationException failed) protected org.springframework.security.web.RedirectStrategyvoidhandle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, org.springframework.security.core.AuthenticationException failed) By the time this method is called, theAbstractRememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse)should have already cancelled the remember-me cookie and globally revoked all remember-me tokens for the affected user.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface com.broadleafcommerce.auth.authorization.security.rememberme.service.exception.UncaughtRememberMeAuthenticationExceptionHandler
getOrder
-
Constructor Details
-
RememberMeCookieTheftExceptionHandler
public RememberMeCookieTheftExceptionHandler(org.springframework.security.web.RedirectStrategy redirectStrategy)
-
-
Method Details
-
canHandle
public boolean canHandle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, org.springframework.security.core.AuthenticationException failed) - Specified by:
canHandlein interfaceUncaughtRememberMeAuthenticationExceptionHandler- Parameters:
request- that contained an invalid authentication requestresponse- to modify with any changeschain- the filter chain containing the next filters. Useful if the handler wants to continue with the remainder of the filter chain.failed- the exception that occurred- Returns:
- whether this handler can handle the exception
-
handle
public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, org.springframework.security.core.AuthenticationException failed) throws IOException, jakarta.servlet.ServletException By the time this method is called, the
AbstractRememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse)should have already cancelled the remember-me cookie and globally revoked all remember-me tokens for the affected user. Thus, there is no need for this handler to do any of that behavior.Instead, this handler focuses on redirecting the user to logout to clear their local state.
- Specified by:
handlein interfaceUncaughtRememberMeAuthenticationExceptionHandler- Parameters:
request- that contained an invalid authentication requestresponse- to modify with any changeschain- the filter chain containing the next filters. Useful if the handler wants to continue with the remainder of the filter chain.failed- the exception that occurred- Throws:
IOExceptionjakarta.servlet.ServletException
-
getRedirectStrategy
protected org.springframework.security.web.RedirectStrategy getRedirectStrategy()
-