Package org.springframework.security.web.authentication.rememberme

Class RememberMeAuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class RememberMeAuthenticationFilter
extends org.springframework.web.filter.GenericFilterBean
implements org.springframework.context.ApplicationEventPublisherAware
    Detects if there is no Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests.

    Concrete RememberMeServices implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse) method called by this filter. If this method returns a non-null Authentication object, it will be passed to the AuthenticationManager, so that any authentication-specific behaviour can be achieved. The resulting Authentication (if successful) will be placed into the SecurityContext.

    If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

    Normally the request will be allowed to proceed regardless of whether authentication succeeds or fails. If some control over the destination for authenticated users is required, an AuthenticationSuccessHandler can be injected

    • Field Summary

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void afterPropertiesSet()  
      void doFilter​(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)  
      RememberMeServices getRememberMeServices()  
      protected void onSuccessfulAuthentication​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult)
      Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
      protected void onUnsuccessfulAuthentication​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed)
      Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method.
      void setApplicationEventPublisher​(org.springframework.context.ApplicationEventPublisher eventPublisher)  
      void setAuthenticationSuccessHandler​(AuthenticationSuccessHandler successHandler)
      Allows control over the destination a remembered user is sent to when they are successfully authenticated.

      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Overrides:
        afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        java.io.IOException
        javax.servlet.ServletException

      • onSuccessfulAuthentication

        protected void onSuccessfulAuthentication​(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          Authentication authResult)
        Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.

      • onUnsuccessfulAuthentication

        protected void onUnsuccessfulAuthentication​(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response,
                                            AuthenticationException failed)
        Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method. This method will not be called when no remember-me token is present in the request and autoLogin reurns null.

      • setApplicationEventPublisher

        public void setApplicationEventPublisher​(org.springframework.context.ApplicationEventPublisher eventPublisher)
        Specified by:
        setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware

      • setAuthenticationSuccessHandler

        public void setAuthenticationSuccessHandler​(AuthenticationSuccessHandler successHandler)
        Allows control over the destination a remembered user is sent to when they are successfully authenticated. By default, the filter will just allow the current request to proceed, but if an AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of whatthe original request was for.
        Parameters:
        successHandler - the strategy to invoke immediately before returning from doFilter().