Package org.springframework.security.config.annotation.web.configurers

Class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<RememberMeConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer<H>
All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>
public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<RememberMeConfigurer<H>,H>
Configures Remember Me authentication. This typically involves the user checking a box when they enter their username and password that states to "Remember Me".

Security Filters

The following Filters are populated
  • RememberMeAuthenticationFilter

Shared Objects Created

The following shared objects are populated

Shared Objects Used

The following shared objects are used:
  • AuthenticationManager
  • UserDetailsService if no userDetailsService(UserDetailsService) was specified.
  • DefaultLoginPageGeneratingFilter - if present will be populated with information from the configuration
Since:
3.2

  • Constructor Details

    • RememberMeConfigurer

      public RememberMeConfigurer()
      Creates a new instance

  • Method Details

    • tokenValiditySeconds

      public RememberMeConfigurer<H> tokenValiditySeconds(int tokenValiditySeconds)
      Allows specifying how long (in seconds) a token is valid for
      Parameters:
      tokenValiditySeconds -
      Returns:
      RememberMeConfigurer for further customization
      See Also:
      • AbstractRememberMeServices.setTokenValiditySeconds(int)

    • useSecureCookie

      public RememberMeConfigurer<H> useSecureCookie(boolean useSecureCookie)
      Whether the cookie should be flagged as secure or not. Secure cookies can only be sent over an HTTPS connection and thus cannot be accidentally submitted over HTTP where they could be intercepted.

      By default the cookie will be secure if the request is secure. If you only want to use remember-me over HTTPS (recommended) you should set this property to true.

      Parameters:
      useSecureCookie - set to true to always user secure cookies, false to disable their use.
      Returns:
      the RememberMeConfigurer for further customization
      See Also:
      • AbstractRememberMeServices.setUseSecureCookie(boolean)

    • userDetailsService

      public RememberMeConfigurer<H> userDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
      Specifies the UserDetailsService used to look up the UserDetails when a remember me token is valid. When using a SecurityFilterChain bean, the default is to look for a UserDetailsService bean. Alternatively, one can populate rememberMeServices(RememberMeServices).
      Parameters:
      userDetailsService - the UserDetailsService to configure
      Returns:
      the RememberMeConfigurer for further customization
      See Also:
      • AbstractRememberMeServices

    • tokenRepository

      public RememberMeConfigurer<H> tokenRepository(org.springframework.security.web.authentication.rememberme.PersistentTokenRepository tokenRepository)
      Specifies the PersistentTokenRepository to use. The default is to use TokenBasedRememberMeServices instead.
      Parameters:
      tokenRepository - the PersistentTokenRepository to use
      Returns:
      the RememberMeConfigurer for further customization

    • key

      public RememberMeConfigurer<H> key(String key)
      Sets the key to identify tokens created for remember me authentication. Default is a secure randomly generated key. If rememberMeServices(RememberMeServices) is specified and is of type AbstractRememberMeServices, then the default is the key set in AbstractRememberMeServices.
      Parameters:
      key - the key to identify tokens created for remember me authentication
      Returns:
      the RememberMeConfigurer for further customization

    • rememberMeParameter

      public RememberMeConfigurer<H> rememberMeParameter(String rememberMeParameter)
      The HTTP parameter used to indicate to remember the user at time of login.
      Parameters:
      rememberMeParameter - the HTTP parameter used to indicate to remember the user
      Returns:
      the RememberMeConfigurer for further customization

    • rememberMeCookieName

      public RememberMeConfigurer<H> rememberMeCookieName(String rememberMeCookieName)
      The name of cookie which store the token for remember me authentication. Defaults to 'remember-me'.
      Parameters:
      rememberMeCookieName - the name of cookie which store the token for remember me authentication
      Returns:
      the RememberMeConfigurer for further customization
      Since:
      4.0.1

    • rememberMeCookieDomain

      public RememberMeConfigurer<H> rememberMeCookieDomain(String rememberMeCookieDomain)
      The domain name within which the remember me cookie is visible.
      Parameters:
      rememberMeCookieDomain - the domain name within which the remember me cookie is visible.
      Returns:
      the RememberMeConfigurer for further customization
      Since:
      4.1.0

    • authenticationSuccessHandler

      public RememberMeConfigurer<H> authenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler)
      Allows control over the destination a remembered user is sent to when they are successfully authenticated. By default, the filter will just allow the current request to proceed, but if an AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original request was for.
      Parameters:
      authenticationSuccessHandler - the strategy to invoke immediately before returning from doFilter().
      Returns:
      RememberMeConfigurer for further customization
      See Also:
      • RememberMeAuthenticationFilter.setAuthenticationSuccessHandler(AuthenticationSuccessHandler)

    • rememberMeServices

      public RememberMeConfigurer<H> rememberMeServices(org.springframework.security.web.authentication.RememberMeServices rememberMeServices)
      Specify the RememberMeServices to use.
      Parameters:
      rememberMeServices - the RememberMeServices to use
      Returns:
      the RememberMeConfigurer for further customizations
      See Also:
      • RememberMeServices

    • alwaysRemember

      public RememberMeConfigurer<H> alwaysRemember(boolean alwaysRemember)
      Whether the cookie should always be created even if the remember-me parameter is not set.

      By default this will be set to false.

      Parameters:
      alwaysRemember - set to true to always trigger remember me, false to use the remember-me parameter.
      Returns:
      the RememberMeConfigurer for further customization
      See Also:
      • AbstractRememberMeServices.setAlwaysRemember(boolean)

    • init

      public void init(H http) throws Exception
      Description copied from interface: SecurityConfigurer
      Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
      Specified by:
      init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Throws:
      Exception

    • configure

      public void configure(H http)
      Description copied from interface: SecurityConfigurer
      Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
      Specified by:
      configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>