Class RememberMeAuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

    public class RememberMeAuthenticationFilter
    extends org.springframework.web.filter.GenericFilterBean
    implements org.springframework.context.ApplicationEventPublisherAware
    Detects if there is no Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests.

    Concrete RememberMeServices implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse) method called by this filter. If this method returns a non-null Authentication object, it will be passed to the AuthenticationManager, so that any authentication-specific behaviour can be achieved. The resulting Authentication (if successful) will be placed into the SecurityContext.

    If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

    Normally the request will be allowed to proceed regardless of whether authentication succeeds or fails. If some control over the destination for authenticated users is required, an AuthenticationSuccessHandler can be injected.

    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
      • doFilter

        public void doFilter(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
        Specified by:
        doFilter in interface javax.servlet.Filter
      • onSuccessfulAuthentication

        protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                                  javax.servlet.http.HttpServletResponse response,
                                                  Authentication authResult)
        Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
      • onUnsuccessfulAuthentication

        protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                                    javax.servlet.http.HttpServletResponse response,
                                                    AuthenticationException failed)
        Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method. This method will not be called when no remember-me token is present in the request and autoLogin returns null.
      • setApplicationEventPublisher

        public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
        Specified by:
        setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware
      • setAuthenticationSuccessHandler

        public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler)
        Allows control over the destination a remembered user is sent to when they are successfully authenticated. By default, the filter will just allow the current request to proceed, but if an AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original request was for.
        successHandler - the strategy to invoke immediately before returning from doFilter().
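
An added example, not part of the Spring Security documentation: a subclass that uses the two protected hooks above to write an audit record for every remember-me login the AuthenticationManager accepts or rejects, plus a factory that injects an AuthenticationSuccessHandler. The class name, logger name, `withLandingPage` and `clean` helpers are assumptions made for the illustration; the two-argument constructor is the one provided by Spring Security 5.x.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;

/** Hypothetical subclass: audits every remember-me login that reaches the AuthenticationManager. */
public class AuditingRememberMeFilter extends RememberMeAuthenticationFilter {

    // Assumed logger name; route it to the security audit sink.
    private static final Log AUDIT = LogFactory.getLog("audit.rememberme");

    public AuditingRememberMeFilter(AuthenticationManager authenticationManager,
                                    RememberMeServices rememberMeServices) {
        super(authenticationManager, rememberMeServices);
    }

    /** Variant that sends every remembered user to one fixed page instead of the requested URL. */
    public static AuditingRememberMeFilter withLandingPage(AuthenticationManager authenticationManager,
            RememberMeServices rememberMeServices, String landingUrl) {
        AuditingRememberMeFilter filter = new AuditingRememberMeFilter(authenticationManager, rememberMeServices);
        filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler(landingUrl));
        return filter;
    }

    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            Authentication authResult) {
        AUDIT.info("remember-me login accepted user=" + clean(authResult.getName())
                + " ip=" + request.getRemoteAddr() + " uri=" + clean(request.getRequestURI()));
    }

    @Override
    protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException failed) {
        // Reached only when a token was presented and the AuthenticationManager rejected it.
        AUDIT.warn("remember-me token rejected ip=" + request.getRemoteAddr()
                + " uri=" + clean(request.getRequestURI()) + " reason=" + clean(failed.getMessage()));
    }

    /** Replaces control characters so request-derived values cannot forge extra log lines. */
    private static String clean(String value) {
        return value == null ? "-" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```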