org.springframework.security.oauth.consumer.rememberme.HttpSessionOAuthRememberMeServices.java Source code


Introduction

Here is the source code for org.springframework.security.oauth.consumer.rememberme.HttpSessionOAuthRememberMeServices.java

Source

package org.springframework.security.oauth.consumer.rememberme;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.oauth.consumer.OAuthConsumerToken;

/**
 * {@link OAuthRememberMeServices} implementation that keeps remembered tokens in the caller's existing
 * {@link HttpSession}, under {@link #REMEMBERED_TOKENS_KEY}. A session is never created here: both methods call
 * {@code getSession(false)}; without a session, loading returns {@code null} and remembering is a no-op.
 *
 * <p>What ends up in the session: {@link #rememberTokens} copies only the entries whose token reports
 * {@code isAccessToken() == false}, and only while {@code storeAccessTokens} is {@code true}. The flag is
 * initialised to {@code true} and this class declares no way to change it, so this class never writes access
 * tokens to the session attribute.
 *
 * <p>NOTE(review): the earlier description of this class said that everything is stored by default and that
 * storing access tokens can be suppressed to reduce their long-term exposure in the HTTP session. The filter
 * condition implements neither: access tokens are always dropped, and a {@code false} flag would drop request
 * tokens as well. Confirm the intended contract before changing the condition. Storing access tokens would
 * keep them for the lifetime of the session and, presumably, wherever the container persists or replicates
 * session state.
 *
 * @author Ryan Heaton
 * @author Alex Rau
 */
public class HttpSessionOAuthRememberMeServices implements OAuthRememberMeServices {

    /** Session attribute name under which the remembered token map is stored. */
    public static final String REMEMBERED_TOKENS_KEY = HttpSessionOAuthRememberMeServices.class.getName()
            + "#REMEMBERED_TOKENS";

    // Always true in this class: there is no setter and the field is private.
    private boolean storeAccessTokens = true;

    /**
     * Returns the token map previously placed in the session by {@link #rememberTokens}.
     *
     * @param request  the current request; its existing session (if any) is consulted
     * @param response unused by this implementation
     * @return the map instance held in the session attribute (not a copy), or {@code null} when there is no
     *         session or the attribute is absent
     */
    @SuppressWarnings("unchecked")
    public Map<String, OAuthConsumerToken> loadRememberedTokens(HttpServletRequest request,
            HttpServletResponse response) {

        // getSession(false): never create a session just to look for tokens.
        final HttpSession existing = request.getSession(false);

        return existing == null
                ? null
                : (Map<String, OAuthConsumerToken>) existing.getAttribute(REMEMBERED_TOKENS_KEY);
    }

    /**
     * Replaces the session's remembered-token attribute with a filtered copy of {@code tokens}.
     *
     * <p>Does nothing when the request has no session. Otherwise the attribute is always overwritten, even
     * when the filtered copy is empty.
     *
     * @param tokens   tokens offered for remembering, keyed as the caller supplies them
     * @param request  the current request; its existing session (if any) receives the attribute
     * @param response unused by this implementation
     */
    public void rememberTokens(Map<String, OAuthConsumerToken> tokens, HttpServletRequest request,
            HttpServletResponse response) {

        final HttpSession existing = request.getSession(false);

        if (existing != null) {
            final Map<String, OAuthConsumerToken> retained = new HashMap<String, OAuthConsumerToken>();

            for (Map.Entry<String, OAuthConsumerToken> entry : tokens.entrySet()) {
                // Flag is checked first so the token itself is only inspected when the flag is set.
                if (!storeAccessTokens) {
                    continue;
                }
                // Access tokens are filtered out; only non-access (request) tokens reach the session.
                if (entry.getValue().isAccessToken()) {
                    continue;
                }
                retained.put(entry.getKey(), entry.getValue());
            }

            existing.setAttribute(REMEMBERED_TOKENS_KEY, retained);
        }
    }
}