Announcement Announcement Module
Collapse
No announcement yet.
Log user in with remember-me functionality in Spring Security 3.1 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Log user in with remember-me functionality in Spring Security 3.1

    I currently log users in programmatically (like when they login through Facebook or other means than using my login form) with:
    Code:
    SecurityContextHolder.getContext().setAuthentication(
          new UsernamePasswordAuthenticationToken(user, "", authorities)
    );
    What I want to do instead is log the user in as if they set the remember-me option on in the login form. So I'm guessing I need to use the RememberMeAuthenticationToken instead of the UsernamePasswordAuthenticationToken? But what do I put for the `key` argument of the constructor?

    Code:
    RememberMeAuthenticationToken(String key, Object principal, Collection<? extends GrantedAuthority> authorities)

  • #2
    The key corresponds to the RememberMeAuthenticationProvider's key so that you know which AuthenticationProvider validated it. If you are not using the RememberMeAuthenticationProvider, then this does not really matter.

    Comment


    • #3
      So I should be logging people in programmatically like the following if I also want them to be remembered?
      Code:
      SecurityContextHolder.getContext().setAuthentication(
            new RememberMeAuthenticationToken("", username, authorities)
      );

      Comment


      • #4
        Originally posted by mueller View Post
        So I should be logging people in programmatically like the following if I also want them to be remembered?
        Code:
        SecurityContextHolder.getContext().setAuthentication(
              new RememberMeAuthenticationToken("", username, authorities)
        );
        This is how you indicate that someone was logged in with Remember me authentication. If you want them to be remembered, so that next time they actually are logged in using remember me you will need to use the RememberMeServices#loginSuccess. Note that it will not actually remember you unless the rememberMeRequested returns true (either looks for alwaysRemember to be true or for the parameter (i.e. _spring_security_remember_me) to be set. Naturally you will want to specify the remember-me element so that the RememberMeAuthenticationFilter, RememberMeAuthenticationProvider, etc get setup to process the cookie set by RememberMeServices#loginSuccess the next time you login.

        Comment

        Working...
        X