public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
is populated with a RememberMeAuthenticationProvider
RememberMeServices
is populated as a shared object and available on AbstractConfiguredSecurityBuilder.getSharedObject(Class)
LogoutConfigurer.addLogoutHandler(LogoutHandler)
is used to add a logout handler to clean up the remember me authentication.AuthenticationManager
UserDetailsService
if no userDetailsService(UserDetailsService)
was specified.DefaultLoginPageGeneratingFilter
- if present will be populated with information from the configurationConstructor and Description |
---|
RememberMeConfigurer()
Creates a new instance
|
Modifier and Type | Method and Description |
---|---|
RememberMeConfigurer<H> |
authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
|
void |
configure(H http)
Configure the
SecurityBuilder by setting the necessary properties
on the SecurityBuilder . |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
void |
init(H http)
Initialize the
SecurityBuilder . |
RememberMeConfigurer<H> |
key(String key)
Sets the key to identify tokens created for remember me authentication.
|
RememberMeConfigurer<H> |
rememberMeServices(RememberMeServices rememberMeServices)
Specify the
RememberMeServices to use. |
RememberMeConfigurer<H> |
tokenRepository(PersistentTokenRepository tokenRepository)
Specifies the
PersistentTokenRepository to use. |
RememberMeConfigurer<H> |
tokenValiditySeconds(int tokenValiditySeconds)
Allows specifying how long (in seconds) a token is valid for
|
RememberMeConfigurer<H> |
userDetailsService(UserDetailsService userDetailsService)
Specifies the
UserDetailsService used to look up the
UserDetails when a remember me token is valid. |
RememberMeConfigurer<H> |
useSecureCookie(boolean useSecureCookie)
Whether the cookie should be flagged as secure or not.
|
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
public RememberMeConfigurer<H> tokenValiditySeconds(int tokenValiditySeconds)
tokenValiditySeconds
- RememberMeConfigurer
for further customizationAbstractRememberMeServices.setTokenValiditySeconds(int)
public RememberMeConfigurer<H> useSecureCookie(boolean useSecureCookie)
By default the cookie will be secure if the request is secure. If you only want to use remember-me over
HTTPS (recommended) you should set this property to true
.
useSecureCookie
- set to true
to always user secure cookies, false
to disable their use.RememberMeConfigurer
for further customizationAbstractRememberMeServices.setUseSecureCookie(boolean)
public RememberMeConfigurer<H> userDetailsService(UserDetailsService userDetailsService)
UserDetailsService
used to look up the
UserDetails
when a remember me token is valid. The default is to
use the UserDetailsService
found by invoking
AbstractConfiguredSecurityBuilder.getSharedObject(Class)
which is set when using
WebSecurityConfigurerAdapter.configure(AuthenticationManagerBuilder)
.
Alternatively, one can populate rememberMeServices(RememberMeServices)
.userDetailsService
- the UserDetailsService
to configureRememberMeConfigurer
for further customizationAbstractRememberMeServices
public RememberMeConfigurer<H> tokenRepository(PersistentTokenRepository tokenRepository)
PersistentTokenRepository
to use. The default is to
use TokenBasedRememberMeServices
instead.tokenRepository
- the PersistentTokenRepository
to useRememberMeConfigurer
for further customizationpublic RememberMeConfigurer<H> key(String key)
key
- the key to identify tokens created for remember me authenticationRememberMeConfigurer
for further customizationpublic RememberMeConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)
AuthenticationSuccessHandler
is set, it will be invoked and the doFilter()
method will return
immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original
request was for.authenticationSuccessHandler
- the strategy to invoke immediately before returning from doFilter()
.RememberMeConfigurer
for further customizationRememberMeAuthenticationFilter.setAuthenticationSuccessHandler(AuthenticationSuccessHandler)
public RememberMeConfigurer<H> rememberMeServices(RememberMeServices rememberMeServices)
RememberMeServices
to use.rememberMeServices
- the RememberMeServices
to useRememberMeConfigurer
for further customizationsRememberMeServices
public void init(H http) throws Exception
SecurityConfigurer
SecurityBuilder
. Here only shared state should be
created and modified, but not properties on the SecurityBuilder
used for building the object. This ensures that the
SecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared
objects when building.init
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
init
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Exception
public void configure(H http) throws Exception
SecurityConfigurer
SecurityBuilder
by setting the necessary properties
on the SecurityBuilder
.configure
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
configure
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Exception
public B disable()
AbstractHttpConfigurer
by removing it. After doing
so a fresh version of the configuration can be applied.HttpSecurityBuilder
for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)