public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
is populated with a RememberMeAuthenticationProviderRememberMeServices is populated as a shared object and available on AbstractConfiguredSecurityBuilder.getSharedObject(Class)LogoutConfigurer.addLogoutHandler(LogoutHandler) is used to add a logout handler to clean up the remember me authentication.AuthenticationManagerUserDetailsService if no userDetailsService(UserDetailsService) was specified.DefaultLoginPageGeneratingFilter - if present will be populated with information from the configuration| Constructor and Description |
|---|
RememberMeConfigurer()
Creates a new instance
|
| Modifier and Type | Method and Description |
|---|---|
RememberMeConfigurer<H> |
authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
|
void |
configure(H http)
Configure the
SecurityBuilder by setting the necessary properties
on the SecurityBuilder. |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
void |
init(H http)
Initialize the
SecurityBuilder. |
RememberMeConfigurer<H> |
key(String key)
Sets the key to identify tokens created for remember me authentication.
|
RememberMeConfigurer<H> |
rememberMeServices(RememberMeServices rememberMeServices)
Specify the
RememberMeServices to use. |
RememberMeConfigurer<H> |
tokenRepository(PersistentTokenRepository tokenRepository)
Specifies the
PersistentTokenRepository to use. |
RememberMeConfigurer<H> |
tokenValiditySeconds(int tokenValiditySeconds)
Allows specifying how long (in seconds) a token is valid for
|
RememberMeConfigurer<H> |
userDetailsService(UserDetailsService userDetailsService)
Specifies the
UserDetailsService used to look up the
UserDetails when a remember me token is valid. |
RememberMeConfigurer<H> |
useSecureCookie(boolean useSecureCookie)
Whether the cookie should be flagged as secure or not.
|
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
addObjectPostProcessor, and, getBuilder, postProcess, setBuilderpublic RememberMeConfigurer<H> tokenValiditySeconds(int tokenValiditySeconds)
tokenValiditySeconds - RememberMeConfigurer for further customizationAbstractRememberMeServices.setTokenValiditySeconds(int)public RememberMeConfigurer<H> useSecureCookie(boolean useSecureCookie)
By default the cookie will be secure if the request is secure. If you only want to use remember-me over
HTTPS (recommended) you should set this property to true.
useSecureCookie - set to true to always user secure cookies, false to disable their use.RememberMeConfigurer for further customizationAbstractRememberMeServices.setUseSecureCookie(boolean)public RememberMeConfigurer<H> userDetailsService(UserDetailsService userDetailsService)
UserDetailsService used to look up the
UserDetails when a remember me token is valid. The default is to
use the UserDetailsService found by invoking
AbstractConfiguredSecurityBuilder.getSharedObject(Class) which is set when using
WebSecurityConfigurerAdapter.configure(AuthenticationManagerBuilder).
Alternatively, one can populate rememberMeServices(RememberMeServices).userDetailsService - the UserDetailsService to configureRememberMeConfigurer for further customizationAbstractRememberMeServicespublic RememberMeConfigurer<H> tokenRepository(PersistentTokenRepository tokenRepository)
PersistentTokenRepository to use. The default is to
use TokenBasedRememberMeServices instead.tokenRepository - the PersistentTokenRepository to useRememberMeConfigurer for further customizationpublic RememberMeConfigurer<H> key(String key)
key - the key to identify tokens created for remember me authenticationRememberMeConfigurer for further customizationpublic RememberMeConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)
AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return
immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original
request was for.authenticationSuccessHandler - the strategy to invoke immediately before returning from doFilter().RememberMeConfigurer for further customizationRememberMeAuthenticationFilter.setAuthenticationSuccessHandler(AuthenticationSuccessHandler)public RememberMeConfigurer<H> rememberMeServices(RememberMeServices rememberMeServices)
RememberMeServices to use.rememberMeServices - the RememberMeServices to useRememberMeConfigurer for further customizationsRememberMeServicespublic void init(H http) throws Exception
SecurityConfigurerSecurityBuilder. Here only shared state should be
created and modified, but not properties on the SecurityBuilder
used for building the object. This ensures that the
SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared
objects when building.init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>Exceptionpublic void configure(H http) throws Exception
SecurityConfigurerSecurityBuilder by setting the necessary properties
on the SecurityBuilder.configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>Exceptionpublic B disable()
AbstractHttpConfigurer by removing it. After doing
so a fresh version of the configuration can be applied.HttpSecurityBuilder for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)