Class RememberMeAuthenticationFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.ApplicationEventPublisherAware
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class RememberMeAuthenticationFilter extends org.springframework.web.filter.GenericFilterBean implements org.springframework.context.ApplicationEventPublisherAware
Detects if there is noAuthentication
object in theSecurityContext
, and populates the context with a remember-me authentication token if aRememberMeServices
implementation so requests.Concrete
RememberMeServices
implementations will have theirRememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse)
method called by this filter. If this method returns a non-nullAuthentication
object, it will be passed to theAuthenticationManager
, so that any authentication-specific behaviour can be achieved. The resultingAuthentication
(if successful) will be placed into theSecurityContext
.If authentication is successful, an
InteractiveAuthenticationSuccessEvent
will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via anAuthenticationManager
-specific application event.Normally the request will be allowed to proceed regardless of whether authentication succeeds or fails. If some control over the destination for authenticated users is required, an
AuthenticationSuccessHandler
can be injected
-
-
Constructor Summary
Constructors Constructor Description RememberMeAuthenticationFilter(AuthenticationManager authenticationManager, RememberMeServices rememberMeServices)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
afterPropertiesSet()
void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
RememberMeServices
getRememberMeServices()
protected void
onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by theRememberMeServices
autoLogin
method and theAuthenticationManager
.protected void
onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed)
Called if theAuthenticationManager
rejects the authentication object returned from theRememberMeServices
autoLogin
method.void
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
void
setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler)
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
-
-
-
Constructor Detail
-
RememberMeAuthenticationFilter
public RememberMeAuthenticationFilter(AuthenticationManager authenticationManager, RememberMeServices rememberMeServices)
-
-
Method Detail
-
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
- Overrides:
afterPropertiesSet
in classorg.springframework.web.filter.GenericFilterBean
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Throws:
java.io.IOException
javax.servlet.ServletException
-
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by theRememberMeServices
autoLogin
method and theAuthenticationManager
.
-
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed)
Called if theAuthenticationManager
rejects the authentication object returned from theRememberMeServices
autoLogin
method. This method will not be called when no remember-me token is present in the request andautoLogin
reurns null.
-
getRememberMeServices
public RememberMeServices getRememberMeServices()
-
setApplicationEventPublisher
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
- Specified by:
setApplicationEventPublisher
in interfaceorg.springframework.context.ApplicationEventPublisherAware
-
setAuthenticationSuccessHandler
public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler)
Allows control over the destination a remembered user is sent to when they are successfully authenticated. By default, the filter will just allow the current request to proceed, but if anAuthenticationSuccessHandler
is set, it will be invoked and thedoFilter()
method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of whatthe original request was for.- Parameters:
successHandler
- the strategy to invoke immediately before returning fromdoFilter()
.
-
-