public class NullRememberMeServices extends Object implements RememberMeServices
NullRememberMeServices
that does nothing.
Used as a default by several framework classes.
Constructor and Description |
---|
NullRememberMeServices() |
Modifier and Type | Method and Description |
---|---|
Authentication |
autoLogin(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
This method will be called whenever the
SecurityContextHolder does not
contain an Authentication object and Spring Security wishes to provide
an implementation with an opportunity to authenticate the request using remember-me
capabilities. |
void |
loginFail(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Called whenever an interactive authentication attempt was made, but the credentials
supplied by the user were missing or otherwise invalid.
|
void |
loginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication successfulAuthentication)
Called whenever an interactive authentication attempt is successful.
|
public Authentication autoLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
RememberMeServices
SecurityContextHolder
does not
contain an Authentication
object and Spring Security wishes to provide
an implementation with an opportunity to authenticate the request using remember-me
capabilities. Spring Security makes no attempt whatsoever to determine whether the
browser has requested remember-me services or presented a valid cookie. Such
determinations are left to the implementation. If a browser has presented an
unauthorised cookie for whatever reason, it should be silently ignored and
invalidated using the HttpServletResponse
object.
The returned Authentication
must be acceptable to
AuthenticationManager
or
AuthenticationProvider
defined
by the web application. It is recommended
RememberMeAuthenticationToken
be used in most cases, as it has a corresponding authentication provider.
autoLogin
in interface RememberMeServices
request
- to look for a remember-me token withinresponse
- to change, cancel or modify the remember-me tokennull
if the request should
not be authenticatedpublic void loginFail(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
RememberMeServices
HttpServletRequest
.loginFail
in interface RememberMeServices
request
- that contained an invalid authentication requestresponse
- to change, cancel or modify the remember-me tokenpublic void loginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication successfulAuthentication)
RememberMeServices
HttpServletResponse
, although this is not recommended. Instead,
implementations should typically look for a request parameter that indicates the
browser has presented an explicit request for authentication to be remembered, such
as the presence of a HTTP POST parameter.loginSuccess
in interface RememberMeServices
request
- that contained the valid authentication requestresponse
- to change, cancel or modify the remember-me tokensuccessfulAuthentication
- representing the successfully authenticated
principal