public class

NullRememberMeServices

extends Object
implements RememberMeServices
java.lang.Object
   ↳ org.springframework.security.web.authentication.NullRememberMeServices

Class Overview

Implementation of NullRememberMeServices that does nothing.

Used as a default by several framework classes.

Summary

Public Constructors
NullRememberMeServices()
Public Methods
Authentication autoLogin(HttpServletRequest request, HttpServletResponse response)
This method will be called whenever the SecurityContextHolder does not contain an Authentication object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
void loginFail(HttpServletRequest request, HttpServletResponse response)
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication)
Called whenever an interactive authentication attempt is successful.
[Expand]
Inherited Methods
From class java.lang.Object
From interface org.springframework.security.web.authentication.RememberMeServices

Public Constructors

public NullRememberMeServices ()

Public Methods

public Authentication autoLogin (HttpServletRequest request, HttpServletResponse response)

This method will be called whenever the SecurityContextHolder does not contain an Authentication object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. Spring Security makes no attempt whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie. Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for whatever reason, it should be silently ignored and invalidated using the HttpServletResponse object.

The returned Authentication must be acceptable to AuthenticationManager or AuthenticationProvider defined by the web application. It is recommended RememberMeAuthenticationToken be used in most cases, as it has a corresponding authentication provider.

Parameters
request to look for a remember-me token within
response to change, cancel or modify the remember-me token
Returns
  • a valid authentication object, or null if the request should not be authenticated

public void loginFail (HttpServletRequest request, HttpServletResponse response)

Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid. Implementations should invalidate any and all remember-me tokens indicated in the HttpServletRequest.

Parameters
request that contained an invalid authentication request
response to change, cancel or modify the remember-me token

public void loginSuccess (HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication)

Called whenever an interactive authentication attempt is successful. An implementation may automatically set a remember-me token in the HttpServletResponse, although this is not recommended. Instead, implementations should typically look for a request parameter that indicates the browser has presented an explicit request for authentication to be remembered, such as the presence of a HTTP POST parameter.

Parameters
request that contained the valid authentication request
response to change, cancel or modify the remember-me token
successfulAuthentication representing the successfully authenticated principal