|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B> org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer<H>
public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
Configures Remember Me authentication. This typically involves the user checking a box when they enter their username and password that states to "Remember Me".
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
is populated with a RememberMeAuthenticationProvider
RememberMeServices
is populated as a shared object and available on AbstractConfiguredSecurityBuilder.getSharedObject(Class)
LogoutConfigurer.addLogoutHandler(LogoutHandler)
is used to add a logout handler to clean up the remember me authentication.AuthenticationManager
UserDetailsService
if no userDetailsService(UserDetailsService)
was specified.DefaultLoginPageViewFilter
- if present will be populated with information from the configuration
Constructor Summary | |
---|---|
RememberMeConfigurer()
Creates a new instance |
Method Summary | |
---|---|
RememberMeConfigurer<H> |
authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)
Allows control over the destination a remembered user is sent to when they are successfully authenticated. |
void |
configure(H http)
Configure the SecurityBuilder by setting the necessary properties
on the SecurityBuilder . |
B |
disable()
Disables the AbstractHttpConfigurer by removing it. |
void |
init(H http)
Initialize the SecurityBuilder . |
RememberMeConfigurer<H> |
key(String key)
Sets the key to identify tokens created for remember me authentication. |
RememberMeConfigurer<H> |
rememberMeServices(RememberMeServices rememberMeServices)
Specify the RememberMeServices to use. |
RememberMeConfigurer<H> |
tokenRepository(PersistentTokenRepository tokenRepository)
Specifies the PersistentTokenRepository to use. |
RememberMeConfigurer<H> |
tokenValiditySeconds(int tokenValiditySeconds)
Allows specifying how long (in seconds) a token is valid for |
RememberMeConfigurer<H> |
userDetailsService(UserDetailsService userDetailsService)
Specifies the UserDetailsService used to look up the
UserDetails when a remember me token is valid. |
RememberMeConfigurer<H> |
useSecureCookie(boolean useSecureCookie)
Whether the cookie should be flagged as secure or not. |
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
|
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter |
---|
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public RememberMeConfigurer()
Method Detail |
---|
public RememberMeConfigurer<H> tokenValiditySeconds(int tokenValiditySeconds)
tokenValiditySeconds
-
RememberMeConfigurer
for further customizationAbstractRememberMeServices.setTokenValiditySeconds(int)
public RememberMeConfigurer<H> useSecureCookie(boolean useSecureCookie)
By default the cookie will be secure if the request is secure. If you only want to use remember-me over
HTTPS (recommended) you should set this property to true
.
useSecureCookie
- set to true
to always user secure cookies, false
to disable their use.
RememberMeConfigurer
for further customizationAbstractRememberMeServices.setUseSecureCookie(boolean)
public RememberMeConfigurer<H> userDetailsService(UserDetailsService userDetailsService)
UserDetailsService
used to look up the
UserDetails
when a remember me token is valid. The default is to
use the UserDetailsService
found by invoking
AbstractConfiguredSecurityBuilder.getSharedObject(Class)
which is set when using
WebSecurityConfigurerAdapter#registerAuthentication(org.springframework.security.config.annotation.authentication.AuthenticationManagerBuilder)
.
Alternatively, one can populate rememberMeServices(RememberMeServices)
.
userDetailsService
- the UserDetailsService
to configure
RememberMeConfigurer
for further customizationAbstractRememberMeServices
public RememberMeConfigurer<H> tokenRepository(PersistentTokenRepository tokenRepository)
PersistentTokenRepository
to use. The default is to
use TokenBasedRememberMeServices
instead.
tokenRepository
- the PersistentTokenRepository
to use
RememberMeConfigurer
for further customizationpublic RememberMeConfigurer<H> key(String key)
key
- the key to identify tokens created for remember me authentication
RememberMeConfigurer
for further customizationpublic RememberMeConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)
AuthenticationSuccessHandler
is set, it will be invoked and the doFilter()
method will return
immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original
request was for.
authenticationSuccessHandler
- the strategy to invoke immediately before returning from doFilter()
.
RememberMeConfigurer
for further customizationRememberMeAuthenticationFilter.setAuthenticationSuccessHandler(AuthenticationSuccessHandler)
public RememberMeConfigurer<H> rememberMeServices(RememberMeServices rememberMeServices)
RememberMeServices
to use.
rememberMeServices
- the RememberMeServices
to use
RememberMeConfigurer
for further customizationsRememberMeServices
public void init(H http) throws Exception
SecurityConfigurer
SecurityBuilder
. Here only shared state should be
created and modified, but not properties on the SecurityBuilder
used for building the object. This ensures that the
SecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared
objects when building.
init
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
init
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Exception
public void configure(H http) throws Exception
SecurityConfigurer
SecurityBuilder
by setting the necessary properties
on the SecurityBuilder
.
configure
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
configure
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Exception
public B disable()
AbstractHttpConfigurer
by removing it. After doing
so a fresh version of the configuration can be applied.
HttpSecurityBuilder
for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |