public class CustomPersistentRememberMeServices
extends org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Persistent tokens are used by Spring Security to automatically log in users.
This is a specific implementation of Spring Security's remember-me authentication, but it is much more powerful than the standard implementations:
This is inspired by:
The main algorithm comes from Spring Security's PersistentTokenBasedRememberMeServices, but this class couldn't be cleanly extended.
| Constructor and Description |
|---|
| CustomPersistentRememberMeServices(FlowableCommonAppProperties properties, org.springframework.security.core.userdetails.UserDetailsService userDetailsService, PersistentTokenService persistentTokenService) |
| Modifier and Type | Method and Description |
|---|---|
| Token | createAndInsertPersistentToken(String userId, String remoteAddress, String userAgent) |
| void | logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)<br>When logout occurs, only invalidate the current token, and not all user sessions. |
| protected void | onLoginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication successfulAuthentication) |
| protected org.springframework.security.core.userdetails.UserDetails | processAutoLoginCookie(String[] cookieTokens, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) |
| protected void | setCookie(String[] tokens, int maxAge, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) |
Methods inherited from class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices:
afterPropertiesSet, autoLogin, cancelCookie, createSuccessfulAuthentication, decodeCookie, encodeCookie, extractRememberMeCookie, getAuthenticationDetailsSource, getCookieName, getKey, getParameter, getTokenValiditySeconds, getUserDetailsService, loginFail, loginSuccess, onLoginFail, rememberMeRequested, setAlwaysRemember, setAuthenticationDetailsSource, setAuthoritiesMapper, setCookieDomain, setCookieName, setMessageSource, setParameter, setTokenValiditySeconds, setUserDetailsChecker, setUseSecureCookie

public CustomPersistentRememberMeServices(FlowableCommonAppProperties properties,
org.springframework.security.core.userdetails.UserDetailsService userDetailsService,
PersistentTokenService persistentTokenService)

protected void onLoginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.core.Authentication successfulAuthentication)
onLoginSuccess in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

protected org.springframework.security.core.userdetails.UserDetails processAutoLoginCookie(String[] cookieTokens,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
processAutoLoginCookie in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

public void logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.core.Authentication authentication)
The standard Spring Security implementations are too basic: they invalidate all tokens for the current user, so when the user logs out from one browser, all of their other sessions are destroyed.
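
The difference between per-user and per-token invalidation, as an added example that is not Flowable's or Spring Security's code. `TokenStore`, `Token` and their methods are hypothetical names for an in-memory store, and the user id and user-agent strings are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: TokenStore and its methods are hypothetical names,
// not Flowable's PersistentTokenService or any Spring Security class.
public class PerTokenLogoutDemo {
    record Token(String series, String value, String userId, String userAgent) {}

    static class TokenStore {
        private final Map<String, Token> bySeries = new ConcurrentHashMap<>();
        private final SecureRandom random = new SecureRandom();
        private String randomId() {
            byte[] b = new byte[16];
            random.nextBytes(b);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
        }
        // One token per login (one per browser), keyed by its own series id.
        Token create(String userId, String userAgent) {
            Token t = new Token(randomId(), randomId(), userId, userAgent);
            bySeries.put(t.series(), t);
            return t;
        }
        // Per-user logout: every browser of this user loses its token.
        void removeAllForUser(String userId) {
            bySeries.values().removeIf(t -> t.userId().equals(userId));
        }
        // Per-token logout: only the series from this request's cookie is removed.
        void removeBySeries(String series) { bySeries.remove(series); }
        // Constant-time comparison of the presented value with the stored one.
        boolean isValid(String series, String value) {
            Token t = bySeries.get(series);
            return t != null && MessageDigest.isEqual(
                t.value().getBytes(StandardCharsets.UTF_8), value.getBytes(StandardCharsets.UTF_8));
        }
    }

    public static void main(String[] args) {
        TokenStore store = new TokenStore();
        Token laptop = store.create("alice", "constructed-laptop-agent");
        Token phone = store.create("alice", "constructed-phone-agent");
        store.removeBySeries(laptop.series()); // logout in the laptop browser only
        System.out.println("laptop: " + store.isValid(laptop.series(), laptop.value())
            + ", phone: " + store.isValid(phone.series(), phone.value()));
        store.removeAllForUser("alice"); // per-user logout ends the phone session too
        System.out.println("phone after per-user logout: " + store.isValid(phone.series(), phone.value()));
    }
}
```

Per-token logout leaves the tokens held by other browsers valid, so a password change or a suspected cookie theft still calls for removing every token of that user.
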
logout in interface org.springframework.security.web.authentication.logout.LogoutHandler
logout in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

protected void setCookie(String[] tokens,
int maxAge,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
setCookie in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Copyright © 2022 Flowable. All rights reserved.