|Constructor and Description|
|Modifier and Type||Method and Description|
This method will be called whenever the
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
Called whenever an interactive authentication attempt is successful.
public Authentication autoLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
SecurityContextHolderdoes not contain an
Authenticationobject and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. Spring Security makes no attempt whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie. Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for whatever reason, it should be silently ignored and invalidated using the
Authentication must be acceptable to
by the web application. It is recommended
be used in most cases, as it has a corresponding authentication provider.
public void loginFail(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
public void loginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication successfulAuthentication)
HttpServletResponse, although this is not recommended. Instead, implementations should typically look for a request parameter that indicates the browser has presented an explicit request for authentication to be remembered, such as the presence of a HTTP POST parameter.