Class NullRememberMeServices
java.lang.Object
org.springframework.security.web.authentication.NullRememberMeServices
- All Implemented Interfaces:
RememberMeServices
Implementation of
NullRememberMeServices that does nothing.
Used as a default by several framework classes.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionautoLogin(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) This method will be called whenever theSecurityContextHolderdoes not contain anAuthenticationobject and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.voidloginFail(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.voidloginSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication successfulAuthentication) Called whenever an interactive authentication attempt is successful.
-
Constructor Details
-
NullRememberMeServices
public NullRememberMeServices()
-
-
Method Details
-
autoLogin
public Authentication autoLogin(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from interface:RememberMeServicesThis method will be called whenever theSecurityContextHolderdoes not contain anAuthenticationobject and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. Spring Security makes no attempt whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie. Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for whatever reason, it should be silently ignored and invalidated using theHttpServletResponseobject.The returned
Authenticationmust be acceptable toAuthenticationManagerorAuthenticationProviderdefined by the web application. It is recommendedRememberMeAuthenticationTokenbe used in most cases, as it has a corresponding authentication provider.- Specified by:
autoLoginin interfaceRememberMeServices- Parameters:
request- to look for a remember-me token withinresponse- to change, cancel or modify the remember-me token- Returns:
- a valid authentication object, or
nullif the request should not be authenticated
-
loginFail
public void loginFail(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from interface:RememberMeServicesCalled whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid. Implementations should invalidate any and all remember-me tokens indicated in theHttpServletRequest.- Specified by:
loginFailin interfaceRememberMeServices- Parameters:
request- that contained an invalid authentication requestresponse- to change, cancel or modify the remember-me token
-
loginSuccess
public void loginSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication successfulAuthentication) Description copied from interface:RememberMeServicesCalled whenever an interactive authentication attempt is successful. An implementation may automatically set a remember-me token in theHttpServletResponse, although this is not recommended. Instead, implementations should typically look for a request parameter that indicates the browser has presented an explicit request for authentication to be remembered, such as the presence of a HTTP POST parameter.- Specified by:
loginSuccessin interfaceRememberMeServices- Parameters:
request- that contained the valid authentication requestresponse- to change, cancel or modify the remember-me tokensuccessfulAuthentication- representing the successfully authenticated principal
-