org.springframework.security.web.authentication.rememberme
Class RememberMeAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- All Implemented Interfaces:
- javax.servlet.Filter, BeanNameAware, DisposableBean, InitializingBean, ApplicationEventPublisherAware, ServletContextAware
public class RememberMeAuthenticationFilter
- extends GenericFilterBean
- implements ApplicationEventPublisherAware
Detects if there is no Authentication
object in the SecurityContext
, and populates it
with a remember-me authentication token if a RememberMeServices
implementation so requests.
Concrete RememberMeServices
implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse)
method
called by this filter. The Authentication
or null
returned by that method will be placed
into the SecurityContext
. The AuthenticationManager
will be used, so that any concurrent
session management or other authentication-specific behaviour can be achieved. This is the same pattern as with
other authentication mechanisms, which call the AuthenticationManager
as part of their contract.
If authentication is successful, an InteractiveAuthenticationSuccessEvent
will be published to the application
context. No events will be published if authentication was unsuccessful, because this would generally be recorded
via an AuthenticationManager
-specific application event.
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
RememberMeAuthenticationFilter
public RememberMeAuthenticationFilter()
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet
in interface InitializingBean
- Overrides:
afterPropertiesSet
in class GenericFilterBean
doFilter
public void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
- Specified by:
doFilter
in interface javax.servlet.Filter
- Throws:
IOException
javax.servlet.ServletException
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
- Called if a remember-me token is presented and successfully authenticated by the RememberMeServices
autoLogin method and the AuthenticationManager.
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
- Called if the AuthenticationManager rejects the authentication object returned from the
RememberMeServices autoLogin method. This method will not be called when no remember-me
token is present in the request and autoLogin returns null.
getRememberMeServices
public RememberMeServices getRememberMeServices()
setApplicationEventPublisher
public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
- Specified by:
setApplicationEventPublisher
in interface ApplicationEventPublisherAware
setAuthenticationManager
public void setAuthenticationManager(AuthenticationManager authenticationManager)
setRememberMeServices
public void setRememberMeServices(RememberMeServices rememberMeServices)