Class RememberMeAuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests.
Concrete RememberMeServices implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse) method called by this filter. If this method returns a non-null Authentication object, it will be passed to the AuthenticationManager, so that any authentication-specific behaviour can be achieved. The resulting Authentication (if successful) will be placed into the SecurityContext.
If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.
Normally the request will be allowed to proceed regardless of whether authentication succeeds or fails. If some control over the destination for authenticated users is required, an AuthenticationSuccessHandler can be injected.
-
Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
Constructor / Description
RememberMeAuthenticationFilter(AuthenticationManager authenticationManager, RememberMeServices rememberMeServices)
-
Method Summary
Modifier and Type / Method / Description
void afterPropertiesSet()
void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)
protected void onSuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authResult)
    Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
protected void onUnsuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException failed)
    Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method.
void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler)
    Allows control over the destination a remembered user is sent to when they are successfully authenticated.
void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
    Sets the SecurityContextHolderStrategy to use.
void setSecurityContextRepository(SecurityContextRepository securityContextRepository)
    Sets the SecurityContextRepository to save the SecurityContext on authentication success.
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
RememberMeAuthenticationFilter
public RememberMeAuthenticationFilter(AuthenticationManager authenticationManager, RememberMeServices rememberMeServices)
-
-
Method Details
-
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
- Overrides:
afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
-
doFilter
public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
- Specified by:
doFilter in interface jakarta.servlet.Filter
- Throws:
IOException
jakarta.servlet.ServletException
-
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
-
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException failed)
Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method. This method will not be called when no remember-me token is present in the request and autoLogin returns null.
-
getRememberMeServices
-
setApplicationEventPublisher
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
- Specified by:
setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware
-
setAuthenticationSuccessHandler
Allows control over the destination a remembered user is sent to when they are successfully authenticated. By default, the filter will just allow the current request to proceed, but if an AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original request was for.
- Parameters:
successHandler - the strategy to invoke immediately before returning from doFilter().
-
setSecurityContextRepository
Sets the SecurityContextRepository to save the SecurityContext on authentication success. The default action is not to save the SecurityContext.
- Parameters:
securityContextRepository - the SecurityContextRepository to use. Cannot be null.
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
- Since:
5.8
-
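An added example (not Spring Security's own code) that uses two of the hooks documented on this page: a subclass that saves the SecurityContext through setSecurityContextRepository and logs tokens rejected by the AuthenticationManager in onUnsuccessfulAuthentication. The class name AuditedRememberMeFilter, the create factory, and the choice of TokenBasedRememberMeServices, RememberMeAuthenticationProvider and HttpSessionSecurityContextRepository are assumptions of this example.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

// Hypothetical subclass for illustration; not part of Spring Security.
public class AuditedRememberMeFilter extends RememberMeAuthenticationFilter {

    public AuditedRememberMeFilter(AuthenticationManager manager, RememberMeServices services) {
        super(manager, services);
        // The default action is not to save the SecurityContext, so a remembered
        // user is re-authenticated from the cookie on every request. Saving it in
        // the HTTP session (an assumption of this example) avoids that.
        setSecurityContextRepository(new HttpSessionSecurityContextRepository());
    }

    @Override
    protected void onUnsuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException failed) {
        // Reached only when autoLogin returned an Authentication that the
        // AuthenticationManager rejected, never when no token was presented.
        // "logger" is the field inherited from GenericFilterBean.
        logger.warn("Remember-me authentication rejected from " + request.getRemoteAddr()
                + ": " + failed.getMessage());
    }

    /**
     * Hypothetical factory. rememberMeKey must be the same secret in the services
     * and in the provider, otherwise the provider rejects every token.
     */
    public static AuditedRememberMeFilter create(String rememberMeKey, UserDetailsService users) {
        RememberMeServices services = new TokenBasedRememberMeServices(rememberMeKey, users);
        AuthenticationManager manager =
                new ProviderManager(new RememberMeAuthenticationProvider(rememberMeKey));
        return new AuditedRememberMeFilter(manager, services);
    }
}
```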