public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
RememberMeServices implementation based on Barry Jaspan's Improved Persistent Login Cookie Best Practice.
There is a slight modification to the described approach, in that the username is not stored as part of the cookie but obtained from the persistent store via an implementation of PersistentTokenRepository. The latter should place a unique constraint on the series identifier, so that it is impossible for the same identifier to be allocated to two different users.
 User management such as changing passwords, removing users and setting user status should be combined with maintenance of the user's persistent tokens.
Note that while this class will use the date a token was created to check whether a presented cookie is older than the configured tokenValiditySeconds property and deny authentication in this case, it will not delete these tokens from storage. A suitable batch process should be run periodically to remove expired tokens from the database.
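The two maintenance duties described above, sketched as an added example (not part of the Spring Security code base). It assumes the repository is JdbcTokenRepositoryImpl with its default `persistent_logins` table; the class name `RememberMeTokenMaintenance` and the cron schedule are hypothetical.

```java
import java.sql.Timestamp;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

/** Added example: housekeeping for persistent remember-me tokens (hypothetical class). */
public class RememberMeTokenMaintenance {

    private final JdbcTemplate jdbc;
    private final PersistentTokenRepository tokenRepository;
    private final int tokenValiditySeconds; // keep equal to the value passed to setTokenValiditySeconds

    public RememberMeTokenMaintenance(JdbcTemplate jdbc,
                                      PersistentTokenRepository tokenRepository,
                                      int tokenValiditySeconds) {
        this.jdbc = jdbc;
        this.tokenRepository = tokenRepository;
        this.tokenValiditySeconds = tokenValiditySeconds;
    }

    /**
     * Batch purge. A row whose last_used date is older than the validity window is
     * already rejected at login time, so deleting it only shrinks the table.
     * Assumes the default persistent_logins schema (username, series, token, last_used).
     */
    @Scheduled(cron = "0 30 3 * * *") // nightly; the schedule is an assumption
    public void purgeExpiredTokens() {
        Timestamp cutoff = new Timestamp(System.currentTimeMillis() - tokenValiditySeconds * 1000L);
        jdbc.update("delete from persistent_logins where last_used < ?", cutoff);
    }

    /** Call from the password-change, account-disable and user-removal code paths. */
    public void revokeAllTokens(String username) {
        tokenRepository.removeUserTokens(username);
    }
}
```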
| Modifier and Type | Field and Description | 
|---|---|
| static int | DEFAULT_SERIES_LENGTH | 
| static int | DEFAULT_TOKEN_LENGTH | 
Fields inherited from class AbstractRememberMeServices: DEFAULT_PARAMETER, logger, messages, SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, TWO_WEEKS_S

| Constructor and Description |
|---|
| PersistentTokenBasedRememberMeServices(String key, UserDetailsService userDetailsService, PersistentTokenRepository tokenRepository) |
| Modifier and Type | Method and Description | 
|---|---|
| protected String | generateSeriesData() | 
| protected String | generateTokenData() | 
| void | logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication) Implementation of LogoutHandler. |
| protected void | onLoginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication successfulAuthentication) Creates a new persistent login token with a new series number, stores the data in the persistent token repository and adds the corresponding cookie to the response. |
| protected UserDetails | processAutoLoginCookie(String[] cookieTokens, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Locates the presented cookie data in the token repository, using the series id. |
| void | setSeriesLength(int seriesLength) | 
| void | setTokenLength(int tokenLength) | 
| void | setTokenValiditySeconds(int tokenValiditySeconds) | 
Methods inherited from class AbstractRememberMeServices: afterPropertiesSet, autoLogin, cancelCookie, createSuccessfulAuthentication, decodeCookie, encodeCookie, extractRememberMeCookie, getAuthenticationDetailsSource, getCookieName, getKey, getParameter, getTokenValiditySeconds, getUserDetailsService, loginFail, loginSuccess, onLoginFail, rememberMeRequested, setAlwaysRemember, setAuthenticationDetailsSource, setAuthoritiesMapper, setCookie, setCookieDomain, setCookieName, setParameter, setUserDetailsChecker, setUseSecureCookie
public static final int DEFAULT_SERIES_LENGTH
public static final int DEFAULT_TOKEN_LENGTH
public PersistentTokenBasedRememberMeServices(String key, UserDetailsService userDetailsService, PersistentTokenRepository tokenRepository)
protected UserDetails processAutoLoginCookie(String[] cookieTokens, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Specified by: processAutoLoginCookie in class AbstractRememberMeServices
Parameters:
cookieTokens - the series and token values
request - the request
response - the response, to allow the cookie to be modified if required.
Throws:
RememberMeAuthenticationException - if there is no stored token corresponding to the submitted cookie, or if the token in the persistent store has expired.
InvalidCookieException - if the cookie doesn't have two tokens as expected.
CookieTheftException - if a presented series value is found, but the stored token is different from the one presented.
protected void onLoginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication successfulAuthentication)
Specified by: onLoginSuccess in class AbstractRememberMeServices
public void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication)
Description copied from class: AbstractRememberMeServices
Implementation of LogoutHandler. Default behaviour is to call cancelCookie().
Specified by: logout in interface LogoutHandler
Overrides: logout in class AbstractRememberMeServices
Parameters:
request - the HTTP request
response - the HTTP response
authentication - the current principal details
protected String generateSeriesData()
protected String generateTokenData()
public void setSeriesLength(int seriesLength)
public void setTokenLength(int tokenLength)
public void setTokenValiditySeconds(int tokenValiditySeconds)
Overrides: setTokenValiditySeconds in class AbstractRememberMeServices
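The checks documented for processAutoLoginCookie, as an added stand-alone illustration (not Spring Security source). It uses an in-memory map in place of a PersistentTokenRepository and standard Java exceptions in place of the three documented ones; the class name, the user "alice" and the validity constant are constructed for the example.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class SeriesTokenCheckDemo {
    static final class Row { // one stored token; the map key below is its series
        final String user; String token; long lastUsed;
        Row(String user, String token, long lastUsed) { this.user = user; this.token = token; this.lastUsed = lastUsed; }
    }

    static final Map<String, Row> STORE = new HashMap<>();      // series -> row (series is unique)
    static final SecureRandom RANDOM = new SecureRandom();
    static final long VALIDITY_MS = 14L * 24 * 60 * 60 * 1000;  // constructed value: two weeks

    static String newValue() { return new BigInteger(128, RANDOM).toString(16); }

    /** Returns the username; the throws stand in for the documented exceptions. */
    static String check(String[] cookieTokens, long now) {
        if (cookieTokens.length != 2) throw new IllegalArgumentException("invalid cookie"); // InvalidCookieException
        Row row = STORE.get(cookieTokens[0]);
        if (row == null) throw new IllegalStateException("unknown series"); // RememberMeAuthenticationException
        byte[] presented = cookieTokens[1].getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(row.token.getBytes(StandardCharsets.UTF_8), presented)) {
            // Known series, stale token: two parties hold this cookie. Revoke all of the user's tokens.
            STORE.values().removeIf(r -> r.user.equals(row.user));
            throw new SecurityException("possible cookie theft for " + row.user); // CookieTheftException
        }
        if (row.lastUsed + VALIDITY_MS < now) throw new IllegalStateException("expired"); // RememberMeAuthenticationException
        row.token = newValue(); // rotate: same series, fresh token, re-issued in the response cookie
        row.lastUsed = now;
        return row.user;
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis();
        String series = newValue(), token = newValue();
        STORE.put(series, new Row("alice", token, now));
        System.out.println("first presentation: " + check(new String[] {series, token}, now));
        try {
            check(new String[] {series, token}, now); // same cookie again: its token was already rotated
        } catch (SecurityException e) {
            System.out.println(e.getMessage() + ", rows left: " + STORE.size());
        }
    }
}
```

The mismatch branch is the detection signal: logging it with the series and client address gives operations a record of each suspected cookie replay.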