
Do not ask login for rememberMe users in checkout process etc. in SAP Hybris


When I make rememberMe (Spring Security) active in Hybris, I want rememberMe users to behave like Hard Login users. I mean, I would like those rememberMe users (soft login) to not face any obstacle, for example when they want to proceed in the checkout process. How can I achieve this in the SAP Hybris platform?


Solution

  • Your question: How to disable HardLogin for the remember-me user in Hybris?

    Find the detailed explanation here.

    Change RequireHardLoginBeforeControllerHandler

    Change the beforeController method of RequireHardLoginBeforeControllerHandler.java so that it always checks whether the remember-me cookie is present in the request and, if the GUID is missing or invalidated, creates a new GUID without redirecting to the login page.

    Below, yourstorefrontRememberMe needs to be replaced with your storefront name, like mySiteRememberMe

        public static final String SECURE_REMEMBER_ME_COOKIES = "yourstorefrontRememberMe";
    
        @Resource(name = "guidCookieStrategy")
        private GUIDCookieStrategy guidCookieStrategy;
    
        @Override
        public boolean beforeController(final HttpServletRequest request, final HttpServletResponse response,
                final HandlerMethod handler) throws Exception
        {
            boolean redirect = true;
    
            // We only care if the request is secure
            if (request.isSecure())
            {
                // Check if the handler has our annotation
                final RequireHardLogIn annotation = findAnnotation(handler, RequireHardLogIn.class);
                if (annotation != null)
                {
                    final String guid = (String) request.getSession().getAttribute(SECURE_GUID_SESSION_KEY);
    
                    if ((!getUserService().isAnonymousUser(getUserService().getCurrentUser()) || checkForAnonymousCheckout()) &&
                            checkForGUIDCookie(request, response, guid))
                    {
                        redirect = false;
                    }
    
                    if (redirect)
                    {
                        if(isRememberMeCookiePresent(request))
                        {
                            // If you find your guid is missing, lets recreate it.
                            guidCookieStrategy.setCookie(request, response);
                            return true;
                        }
                        else
                        {
                            LOG.warn((guid == null ? "missing secure token in session" : "no matching guid cookie") + ", redirecting");
                            getRedirectStrategy().sendRedirect(request, response, getRedirectUrl(request));
                            return false;
                        }
                    }
    
                }
            }
            return true;
        }
    
    
        protected boolean isRememberMeCookiePresent(HttpServletRequest request) {
            Cookie[] cookies = request.getCookies();

            if ((cookies == null) || (cookies.length == 0)) {
                return false;
            }

            for (Cookie cookie : cookies) {
                if (SECURE_REMEMBER_ME_COOKIES.equals(cookie.getName())) {
                    return cookie.getValue() != null;
                }
            }
            return false;
        }
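
An added example (not part of the original answer and not Hybris code): `isRememberMeCookiePresent` above only checks that a cookie with the configured name exists, which does not show that Spring Security accepted its value. The sketch below asks Spring Security's `AuthenticationTrustResolver` whether the current authentication is a remember-me token that the framework validated. Assumptions introduced here: the names `RememberMeGate` and `isValidatedRememberMe`, the constructed sample values, and that the security filter chain has populated the `SecurityContext` before `beforeController` runs.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical helper, not a Hybris or Spring class.
public class RememberMeGate
{
    private static final AuthenticationTrustResolver TRUST = new AuthenticationTrustResolverImpl();

    /**
     * True only when the authentication was established by Spring Security's
     * remember-me processing, i.e. the cookie value was checked by the
     * configured RememberMeServices, not merely sent by the client.
     */
    public static boolean isValidatedRememberMe(final Authentication auth)
    {
        return auth != null && auth.isAuthenticated() && TRUST.isRememberMe(auth);
    }

    public static void main(final String[] args)
    {
        // Constructed sample authentications (key, principal and roles are made up).
        final Authentication remembered = new RememberMeAuthenticationToken(
                "constructed-key", "customer@example.com",
                AuthorityUtils.createAuthorityList("ROLE_CUSTOMERGROUP"));
        final Authentication anonymous = new AnonymousAuthenticationToken(
                "constructed-key", "anonymous",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));

        // In the handler this would replace the cookie-name check (assumed wiring):
        //   isValidatedRememberMe(SecurityContextHolder.getContext().getAuthentication())
        System.out.println("remember-me token: " + isValidatedRememberMe(remembered));
        System.out.println("anonymous token:   " + isValidatedRememberMe(anonymous));
        System.out.println("no authentication: " + isValidatedRememberMe(null));
    }
}
```

With this check, a request that carries a cookie of the right name but whose token Spring Security rejected stays anonymous and still gets the hard-login redirect.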