RememberMeConfigurer (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.web.configurers
Class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
  org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
      org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer<H>

All Implemented Interfaces:: SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

Configures Remember Me authentication. This typically involves the user checking a box when they enter their username and password that states to "Remember Me".

Security Filters

The following Filters are populated

RememberMeAuthenticationFilter

Shared Objects Created

The following shared objects are populated

HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider) is populated with a RememberMeAuthenticationProvider
RememberMeServices is populated as a shared object and available on AbstractConfiguredSecurityBuilder.getSharedObject(Class)
LogoutConfigurer.addLogoutHandler(LogoutHandler) is used to add a logout handler to clean up the remember me authentication.

Shared Objects Used

The following shared objects are used:

AuthenticationManager
UserDetailsService if no userDetailsService(UserDetailsService) was specified.
DefaultLoginPageViewFilter - if present will be populated with information from the configuration

Since:: 3.2

Constructor Summary
`RememberMeConfigurer()` Creates a new instance

Method Summary
`RememberMeConfigurer<H>`	`authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)` Allows control over the destination a remembered user is sent to when they are successfully authenticated.
`void`	`configure(H http)` Configure the `SecurityBuilder` by setting the necessary properties on the `SecurityBuilder`.
`B`	`disable()` Disables the `AbstractHttpConfigurer` by removing it.
`void`	`init(H http)` Initialize the `SecurityBuilder`.
`RememberMeConfigurer<H>`	`key(String key)` Sets the key to identify tokens created for remember me authentication.
`RememberMeConfigurer<H>`	`rememberMeServices(RememberMeServices rememberMeServices)` Specify the `RememberMeServices` to use.
`RememberMeConfigurer<H>`	`tokenRepository(PersistentTokenRepository tokenRepository)` Specifies the `PersistentTokenRepository` to use.
`RememberMeConfigurer<H>`	`tokenValiditySeconds(int tokenValiditySeconds)` Allows specifying how long (in seconds) a token is valid for
`RememberMeConfigurer<H>`	`userDetailsService(UserDetailsService userDetailsService)` Specifies the `UserDetailsService` used to look up the `UserDetails` when a remember me token is valid.
`RememberMeConfigurer<H>`	`useSecureCookie(boolean useSecureCookie)` Whether the cookie should be flagged as secure or not.
`T`	`withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)`

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
`addObjectPostProcessor, and, getBuilder, postProcess, setBuilder`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

RememberMeConfigurer

public RememberMeConfigurer()

Creates a new instance

Method Detail

tokenValiditySeconds

public RememberMeConfigurer<H> tokenValiditySeconds(int tokenValiditySeconds)

Allows specifying how long (in seconds) a token is valid for

Parameters:: tokenValiditySeconds -
Returns:: RememberMeConfigurer for further customization
See Also:: AbstractRememberMeServices.setTokenValiditySeconds(int)

useSecureCookie

public RememberMeConfigurer<H> useSecureCookie(boolean useSecureCookie)

Whether the cookie should be flagged as secure or not. Secure cookies can only be sent over an HTTPS connection and thus cannot be accidentally submitted over HTTP where they could be intercepted.

By default the cookie will be secure if the request is secure. If you only want to use remember-me over HTTPS (recommended) you should set this property to true.

Parameters:: useSecureCookie - set to true to always user secure cookies, false to disable their use.
Returns:: the RememberMeConfigurer for further customization
See Also:: AbstractRememberMeServices.setUseSecureCookie(boolean)

userDetailsService

public RememberMeConfigurer<H> userDetailsService(UserDetailsService userDetailsService)

Specifies the UserDetailsService used to look up the UserDetails when a remember me token is valid. The default is to use the UserDetailsService found by invoking AbstractConfiguredSecurityBuilder.getSharedObject(Class) which is set when using

WebSecurityConfigurerAdapter#registerAuthentication(org.springframework.security.config.annotation.authentication.AuthenticationManagerBuilder)

. Alternatively, one can populate rememberMeServices(RememberMeServices).

Parameters:: userDetailsService - the UserDetailsService to configure
Returns:: the RememberMeConfigurer for further customization
See Also:: AbstractRememberMeServices

tokenRepository

public RememberMeConfigurer<H> tokenRepository(PersistentTokenRepository tokenRepository)

Specifies the PersistentTokenRepository to use. The default is to use TokenBasedRememberMeServices instead.

Parameters:: tokenRepository - the PersistentTokenRepository to use
Returns:: the RememberMeConfigurer for further customization

key

public RememberMeConfigurer<H> key(String key)

Sets the key to identify tokens created for remember me authentication. Default is a secure randomly generated key.

Parameters:: key - the key to identify tokens created for remember me authentication
Returns:: the RememberMeConfigurer for further customization

authenticationSuccessHandler

public RememberMeConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)

Allows control over the destination a remembered user is sent to when they are successfully authenticated. By default, the filter will just allow the current request to proceed, but if an AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original request was for.

Parameters:: authenticationSuccessHandler - the strategy to invoke immediately before returning from doFilter().
Returns:: RememberMeConfigurer for further customization
See Also:: RememberMeAuthenticationFilter.setAuthenticationSuccessHandler(AuthenticationSuccessHandler)

rememberMeServices

public RememberMeConfigurer<H> rememberMeServices(RememberMeServices rememberMeServices)

Specify the RememberMeServices to use.

Parameters:: rememberMeServices - the RememberMeServices to use
Returns:: the RememberMeConfigurer for further customizations
See Also:: RememberMeServices

init

public void init(H http)
          throws Exception

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:: init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:: init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:: Exception

configure

public void configure(H http)
               throws Exception