public class

RememberMeAuthenticationFilter

extends GenericFilterBean
implements ApplicationEventPublisherAware
java.lang.Object
   ↳ org.springframework.web.filter.GenericFilterBean
     ↳ org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

Class Overview

Detects if there is no Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests.

Concrete RememberMeServices implementations will have their autoLogin(HttpServletRequest, HttpServletResponse) method called by this filter. If this method returns a non-null Authentication object, it will be passed to the AuthenticationManager, so that any authentication-specific behaviour can be achieved. The resulting Authentication (if successful) will be placed into the SecurityContext.

If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

Normally the request will be allowed to proceed regardless of whether authentication succeeds or fails. If some control over the destination for authenticated users is required, an AuthenticationSuccessHandler can be injected

Summary

[Expand]
Inherited Fields
From class org.springframework.web.filter.GenericFilterBean
Public Constructors
RememberMeAuthenticationFilter()
This constructor is deprecated. Use constructor injection
RememberMeAuthenticationFilter(AuthenticationManager authenticationManager, RememberMeServices rememberMeServices)
Public Methods
void afterPropertiesSet()
void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
RememberMeServices getRememberMeServices()
void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
void setAuthenticationManager(AuthenticationManager authenticationManager)
This method is deprecated. Use constructor injection
void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler)
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
void setRememberMeServices(RememberMeServices rememberMeServices)
This method is deprecated. Use constructor injection
Protected Methods
void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method.
[Expand]
Inherited Methods
From class org.springframework.web.filter.GenericFilterBean
From class java.lang.Object
From interface javax.servlet.Filter
From interface org.springframework.beans.factory.BeanNameAware
From interface org.springframework.beans.factory.DisposableBean
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.context.ApplicationEventPublisherAware
From interface org.springframework.web.context.ServletContextAware

Public Constructors

public RememberMeAuthenticationFilter ()

This constructor is deprecated.
Use constructor injection

public RememberMeAuthenticationFilter (AuthenticationManager authenticationManager, RememberMeServices rememberMeServices)

Public Methods

public void afterPropertiesSet ()

public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)

Throws
IOException
ServletException

public RememberMeServices getRememberMeServices ()

public void setApplicationEventPublisher (ApplicationEventPublisher eventPublisher)

public void setAuthenticationManager (AuthenticationManager authenticationManager)

This method is deprecated.
Use constructor injection

public void setAuthenticationSuccessHandler (AuthenticationSuccessHandler successHandler)

Allows control over the destination a remembered user is sent to when they are successfully authenticated. By default, the filter will just allow the current request to proceed, but if an AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of whatthe original request was for.

Parameters
successHandler the strategy to invoke immediately before returning from doFilter().

public void setRememberMeServices (RememberMeServices rememberMeServices)

This method is deprecated.
Use constructor injection

Protected Methods

protected void onSuccessfulAuthentication (HttpServletRequest request, HttpServletResponse response, Authentication authResult)

Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.

protected void onUnsuccessfulAuthentication (HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)

Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method. This method will not be called when no remember-me token is present in the request and autoLogin reurns null.