Class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<RememberMeConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer<H>
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,
H>
public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<RememberMeConfigurer<H>,H>
Configures Remember Me authentication. This typically involves the user checking a box
when they enter their username and password that states to "Remember Me".
Security Filters
The following Filters are populatedShared Objects Created
The following shared objects are populated-
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
is populated with aRememberMeAuthenticationProvider
RememberMeServices
is populated as a shared object and available onAbstractConfiguredSecurityBuilder.getSharedObject(Class)
LogoutConfigurer.addLogoutHandler(LogoutHandler)
is used to add a logout handler to clean up the remember me authentication.
Shared Objects Used
The following shared objects are used:AuthenticationManager
UserDetailsService
if nouserDetailsService(UserDetailsService)
was specified.DefaultLoginPageGeneratingFilter
- if present will be populated with information from the configuration
- Since:
- 3.2
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionalwaysRemember
(boolean alwaysRemember) Whether the cookie should always be created even if the remember-me parameter is not set.authenticationSuccessHandler
(AuthenticationSuccessHandler authenticationSuccessHandler) Allows control over the destination a remembered user is sent to when they are successfully authenticated.void
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.void
Initialize theSecurityBuilder
.Sets the key to identify tokens created for remember me authentication.rememberMeCookieDomain
(String rememberMeCookieDomain) The domain name within which the remember me cookie is visible.rememberMeCookieName
(String rememberMeCookieName) The name of cookie which store the token for remember me authentication.rememberMeParameter
(String rememberMeParameter) The HTTP parameter used to indicate to remember the user at time of login.rememberMeServices
(RememberMeServices rememberMeServices) Specify theRememberMeServices
to use.tokenRepository
(PersistentTokenRepository tokenRepository) Specifies thePersistentTokenRepository
to use.tokenValiditySeconds
(int tokenValiditySeconds) Allows specifying how long (in seconds) a token is valid foruserDetailsService
(UserDetailsService userDetailsService) Specifies theUserDetailsService
used to look up theUserDetails
when a remember me token is valid.useSecureCookie
(boolean useSecureCookie) Whether the cookie should be flagged as secure or not.Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
Constructor Details
-
RememberMeConfigurer
public RememberMeConfigurer()Creates a new instance
-
-
Method Details
-
tokenValiditySeconds
Allows specifying how long (in seconds) a token is valid for- Parameters:
tokenValiditySeconds
-- Returns:
RememberMeConfigurer
for further customization- See Also:
-
useSecureCookie
Whether the cookie should be flagged as secure or not. Secure cookies can only be sent over an HTTPS connection and thus cannot be accidentally submitted over HTTP where they could be intercepted.By default the cookie will be secure if the request is secure. If you only want to use remember-me over HTTPS (recommended) you should set this property to
true
.- Parameters:
useSecureCookie
- set totrue
to always user secure cookies,false
to disable their use.- Returns:
- the
RememberMeConfigurer
for further customization - See Also:
-
userDetailsService
Specifies theUserDetailsService
used to look up theUserDetails
when a remember me token is valid. When using aSecurityFilterChain
bean, the default is to look for aUserDetailsService
bean. Alternatively, one can populaterememberMeServices(RememberMeServices)
.- Parameters:
userDetailsService
- theUserDetailsService
to configure- Returns:
- the
RememberMeConfigurer
for further customization - See Also:
-
tokenRepository
Specifies thePersistentTokenRepository
to use. The default is to useTokenBasedRememberMeServices
instead.- Parameters:
tokenRepository
- thePersistentTokenRepository
to use- Returns:
- the
RememberMeConfigurer
for further customization
-
key
Sets the key to identify tokens created for remember me authentication. Default is a secure randomly generated key. IfrememberMeServices(RememberMeServices)
is specified and is of typeAbstractRememberMeServices
, then the default is the key set inAbstractRememberMeServices
.- Parameters:
key
- the key to identify tokens created for remember me authentication- Returns:
- the
RememberMeConfigurer
for further customization
-
rememberMeParameter
The HTTP parameter used to indicate to remember the user at time of login.- Parameters:
rememberMeParameter
- the HTTP parameter used to indicate to remember the user- Returns:
- the
RememberMeConfigurer
for further customization
-
rememberMeCookieName
The name of cookie which store the token for remember me authentication. Defaults to 'remember-me'.- Parameters:
rememberMeCookieName
- the name of cookie which store the token for remember me authentication- Returns:
- the
RememberMeConfigurer
for further customization - Since:
- 4.0.1
-
rememberMeCookieDomain
The domain name within which the remember me cookie is visible.- Parameters:
rememberMeCookieDomain
- the domain name within which the remember me cookie is visible.- Returns:
- the
RememberMeConfigurer
for further customization - Since:
- 4.1.0
-
authenticationSuccessHandler
public RememberMeConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) Allows control over the destination a remembered user is sent to when they are successfully authenticated. By default, the filter will just allow the current request to proceed, but if anAuthenticationSuccessHandler
is set, it will be invoked and thedoFilter()
method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original request was for.- Parameters:
authenticationSuccessHandler
- the strategy to invoke immediately before returning fromdoFilter()
.- Returns:
RememberMeConfigurer
for further customization- See Also:
-
rememberMeServices
Specify theRememberMeServices
to use.- Parameters:
rememberMeServices
- theRememberMeServices
to use- Returns:
- the
RememberMeConfigurer
for further customizations - See Also:
-
alwaysRemember
Whether the cookie should always be created even if the remember-me parameter is not set.By default this will be set to
false
.- Parameters:
alwaysRemember
- set totrue
to always trigger remember me,false
to use the remember-me parameter.- Returns:
- the
RememberMeConfigurer
for further customization - See Also:
-
init
Description copied from interface:SecurityConfigurer
Initialize theSecurityBuilder
. Here only shared state should be created and modified, but not properties on theSecurityBuilder
used for building the object. This ensures that theSecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared objects when building. Configurers should be applied here.- Specified by:
init
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - Overrides:
init
in classSecurityConfigurerAdapter<DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - Throws:
Exception
-
configure
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - Overrides:
configure
in classSecurityConfigurerAdapter<DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>>
-