| java.lang.Object | |
| ↳ | org.springframework.security.web.authentication.NullRememberMeServices |
Class Overview
Implementation of NullRememberMeServices that does nothing.
Used as a default by several framework classes.
Summary
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
This method will be called whenever the
SecurityContextHolder does not contain an
Authentication object and Spring Security wishes to provide an implementation with an
opportunity to authenticate the request using remember-me capabilities. | |||||||||||
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user
were missing or otherwise invalid.
| |||||||||||
Called whenever an interactive authentication attempt is successful.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
|
From interface
org.springframework.security.web.authentication.RememberMeServices
| |||||||||||
Public Constructors
public NullRememberMeServices ()
Public Methods
public Authentication autoLogin (HttpServletRequest request, HttpServletResponse response)
This method will be called whenever the SecurityContextHolder does not contain an
Authentication object and Spring Security wishes to provide an implementation with an
opportunity to authenticate the request using remember-me capabilities. Spring Security makes no attempt
whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie.
Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for
whatever reason, it should be silently ignored and invalidated using the HttpServletResponse
object.
The returned Authentication must be acceptable to
AuthenticationManager or
AuthenticationProvider defined by the web application.
It is recommended RememberMeAuthenticationToken be
used in most cases, as it has a corresponding authentication provider.
Parameters
| request | to look for a remember-me token within |
|---|---|
| response | to change, cancel or modify the remember-me token |
Returns
- a valid authentication object, or
nullif the request should not be authenticated
public void loginFail (HttpServletRequest request, HttpServletResponse response)
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user
were missing or otherwise invalid. Implementations should invalidate any and all remember-me tokens indicated
in the HttpServletRequest.
Parameters
| request | that contained an invalid authentication request |
|---|---|
| response | to change, cancel or modify the remember-me token |
public void loginSuccess (HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication)
Called whenever an interactive authentication attempt is successful. An implementation may automatically
set a remember-me token in the HttpServletResponse, although this is not recommended. Instead,
implementations should typically look for a request parameter that indicates the browser has presented an
explicit request for authentication to be remembered, such as the presence of a HTTP POST parameter.
Parameters
| request | that contained the valid authentication request |
|---|---|
| response | to change, cancel or modify the remember-me token |
| successfulAuthentication | representing the successfully authenticated principal |