java.lang.Object | ||
↳ | org.springframework.web.filter.GenericFilterBean | |
↳ | org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter |
Detects if there is no Authentication
object in the SecurityContext
, and populates the context with
a remember-me authentication token if a RememberMeServices
implementation so requests.
Concrete RememberMeServices
implementations will have their
autoLogin(HttpServletRequest, HttpServletResponse)
method called by this filter. If this method returns a non-null Authentication
object, it will be passed
to the AuthenticationManager
, so that any authentication-specific behaviour can be achieved.
The resulting Authentication
(if successful) will be placed into the SecurityContext
.
If authentication is successful, an InteractiveAuthenticationSuccessEvent
will be published
to the application context. No events will be published if authentication was unsuccessful, because this would
generally be recorded via an AuthenticationManager
-specific application event.
Normally the request will be allowed to proceed regardless of whether authentication succeeds or fails. If
some control over the destination for authenticated users is required, an AuthenticationSuccessHandler
can be injected
[Expand]
Inherited Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.web.filter.GenericFilterBean
|
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This constructor is deprecated.
Use constructor injection
| |||||||||||
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This method is deprecated.
Use constructor injection
| |||||||||||
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
| |||||||||||
This method is deprecated.
Use constructor injection
|
Protected Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Called if a remember-me token is presented and successfully authenticated by the
RememberMeServices
autoLogin method and the AuthenticationManager . | |||||||||||
Called if the
AuthenticationManager rejects the authentication object returned from the
RememberMeServices autoLogin method. |
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.web.filter.GenericFilterBean
| |||||||||||
From class
java.lang.Object
| |||||||||||
From interface
javax.servlet.Filter
| |||||||||||
From interface
org.springframework.beans.factory.BeanNameAware
| |||||||||||
From interface
org.springframework.beans.factory.DisposableBean
| |||||||||||
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
From interface
org.springframework.context.ApplicationEventPublisherAware
| |||||||||||
From interface
org.springframework.web.context.ServletContextAware
|
This constructor is deprecated.
Use constructor injection
IOException | |
---|---|
ServletException |
This method is deprecated.
Use constructor injection
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
By default, the filter will just allow the current request to proceed, but if an
AuthenticationSuccessHandler
is set, it will be invoked and the doFilter()
method will return
immediately, thus allowing the application to redirect the user to a specific URL, regardless of whatthe original
request was for.
successHandler | the strategy to invoke immediately before returning from doFilter() .
|
---|
This method is deprecated.
Use constructor injection
Called if a remember-me token is presented and successfully authenticated by the RememberMeServices
autoLogin
method and the AuthenticationManager
.
Called if the AuthenticationManager
rejects the authentication object returned from the
RememberMeServices
autoLogin
method. This method will not be called when no remember-me
token is present in the request and autoLogin
reurns null.