public class FlowablePersistentRememberMeServices
extends org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Persistent tokens are used by Spring Security to automatically log in users.
This is a specific implementation of Spring Security's remember-me authentication, but it is much more powerful than the standard implementations:This is inspired by:
The main algorithm comes from Spring Security's PersistentTokenBasedRememberMeServices, but this class couldn't be cleanly extended.
Modifier and Type | Field and Description |
---|---|
static String |
DEFAULT_PARAMETER |
protected PersistentTokenService |
persistentTokenService |
static String |
SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY |
Constructor and Description |
---|
FlowablePersistentRememberMeServices(String key,
org.springframework.security.core.userdetails.UserDetailsService userDetailsService,
PersistentTokenService persistentTokenService) |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
org.flowable.idm.api.Token |
createAndInsertPersistentToken(String userId,
String remoteAddress,
String userAgent) |
void |
logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.core.Authentication authentication)
When logout occurs, only invalidate the current token, and not all user sessions.
|
protected void |
onLoginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.core.Authentication successfulAuthentication) |
protected org.springframework.security.core.userdetails.UserDetails |
processAutoLoginCookie(String[] cookieTokens,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
void |
setCookieMaxAge(Duration duration) |
void |
setStoreUserDetails(boolean storeUserDetails) |
void |
setTokenRefreshDuration(Duration duration) |
autoLogin, cancelCookie, createSuccessfulAuthentication, decodeCookie, encodeCookie, extractRememberMeCookie, getAuthenticationDetailsSource, getCookieName, getKey, getParameter, getTokenValiditySeconds, getUserDetailsService, loginFail, loginSuccess, onLoginFail, rememberMeRequested, setAlwaysRemember, setAuthenticationDetailsSource, setAuthoritiesMapper, setCookie, setCookieDomain, setCookieName, setParameter, setTokenValiditySeconds, setUserDetailsChecker, setUseSecureCookie
public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY
public static final String DEFAULT_PARAMETER
protected final PersistentTokenService persistentTokenService
public FlowablePersistentRememberMeServices(String key, org.springframework.security.core.userdetails.UserDetailsService userDetailsService, PersistentTokenService persistentTokenService)
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
afterPropertiesSet
in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Exception
protected void onLoginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication successfulAuthentication)
onLoginSuccess
in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
protected org.springframework.security.core.userdetails.UserDetails processAutoLoginCookie(String[] cookieTokens, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
processAutoLoginCookie
in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
public void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
The standard Spring Security implementations are too basic: they invalidate all tokens for the current user, so when he logs out from one browser, all his other sessions are destroyed.
logout
in interface org.springframework.security.web.authentication.logout.LogoutHandler
logout
in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
public org.flowable.idm.api.Token createAndInsertPersistentToken(String userId, String remoteAddress, String userAgent)
public void setCookieMaxAge(Duration duration)
public void setTokenRefreshDuration(Duration duration)
public void setStoreUserDetails(boolean storeUserDetails)
Copyright © 2019. All rights reserved.