public interface RememberMeServices
Implemented by a class that is capable of providing a remember-me service.
Acegi Security filters (namely AbstractProcessingFilter and RememberMeProcessingFilter) will call
the methods provided by an implementation of this interface.
Implementations may implement any type of remember-me capability they wish. Rolling cookies (as per http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) can be used, as can simple implementations that don't require a persistent store. Implementations also determine the validity period of a remember-me cookie. This interface has been designed to accommodate any of these remember-me models.
This interface does not define how remember-me services should offer a "cancel all remember-me tokens" type capability, as this will be implementation specific and requires no hooks into Acegi Security.
| Method Summary | |
|---|---|
| Authentication | autoLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): This method will be called whenever the SecurityContextHolder does not contain an Authentication and the Acegi Security system wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. |
| void | loginFail(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid. |
| void | loginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication successfulAuthentication): Called whenever an interactive authentication attempt is successful. |
| Method Detail |
|---|
Authentication autoLogin(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
This method will be called whenever the SecurityContextHolder does
not contain an Authentication and the Acegi Security
system wishes to provide an implementation with an opportunity to
authenticate the request using remember-me capabilities. Acegi Security
makes no attempt whatsoever to determine whether the browser has
requested remember-me services or presented a valid cookie. Such
determinations are left to the implementation. If a browser has
presented an unauthorised cookie for whatever reason, it should be
silently ignored and invalidated using the
HttpServletResponse object.
The returned Authentication must be acceptable to AuthenticationManager or AuthenticationProvider defined by the
web application. It is recommended RememberMeAuthenticationToken
be used in most cases, as it has a corresponding authentication
provider.
request - to look for a remember-me token within
response - to change, cancel or modify the remember-me token
null if the
request should not be authenticated
void loginFail(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
HttpServletRequest.
request - that contained an invalid authentication request
response - to change, cancel or modify the remember-me token
void loginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication successfulAuthentication)
HttpServletResponse, although this is not recommended.
Instead, implementations should typically look for a request parameter
that indicates the browser has presented an explicit request for
authentication to be remembered, such as the presence of an HTTP POST
parameter.
request - that contained the valid authentication request
response - to change, cancel or modify the remember-me token
successfulAuthentication - representing the successfully authenticated principal
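
The contract of the three methods, as an added example that is not Acegi Security's own code: a rolling, single-use token implementation in which autoLogin returns null and cancels an unrecognised cookie, and loginSuccess only issues a token when the login form asked for it. It assumes the Acegi 1.0.x package names (org.acegisecurity), an in-memory token store, and that account status checks happen elsewhere; the class, cookie and parameter names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.*;
import javax.servlet.http.*;
import org.acegisecurity.Authentication;
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.acegisecurity.userdetails.*;

public class RollingTokenRememberMeServices implements RememberMeServices {
    private static final String COOKIE = "REMEMBER_ME", PARAM = "remember_me"; // hypothetical names
    private static final int MAX_AGE = 14 * 24 * 3600; // validity period is the implementation's choice
    private final Map<String, String> tokens = Collections.synchronizedMap(new HashMap<String, String>());
    private final SecureRandom random = new SecureRandom();
    private final String key; // must equal the key configured on the remember-me authentication provider
    private final UserDetailsService users;
    public RollingTokenRememberMeServices(String key, UserDetailsService users) { this.key = key; this.users = users; }

    public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
        String presented = presented(request);
        if (presented == null) return null;             // no cookie: request is not authenticated
        String username = tokens.remove(presented);     // token -> username; each token is single use
        if (username == null) { setCookie(response, "", 0); return null; } // unknown token: cancel it silently
        UserDetails user = users.loadUserByUsername(username);
        setCookie(response, issue(username), MAX_AGE);  // roll to a fresh token
        return new RememberMeAuthenticationToken(key, user, user.getAuthorities());
    }
    public void loginFail(HttpServletRequest request, HttpServletResponse response) {
        tokens.remove(presented(request));              // drop any token the failed request carried
        setCookie(response, "", 0);
    }
    public void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
        if (request.getParameter(PARAM) != null) setCookie(response, issue(auth.getName()), MAX_AGE);
    }
    private String presented(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();        // null when the browser sent no cookies
        for (int i = 0; cookies != null && i < cookies.length; i++)
            if (COOKIE.equals(cookies[i].getName())) return cookies[i].getValue();
        return null;
    }
    private String issue(String username) {
        String token = Long.toHexString(random.nextLong()) + Long.toHexString(random.nextLong());
        tokens.put(token, username);                    // 128 random bits, stored server-side only
        return token;
    }
    private void setCookie(HttpServletResponse response, String value, int maxAge) {
        Cookie c = new Cookie(COOKIE, value);           // maxAge 0 tells the browser to delete it
        c.setPath("/"); c.setSecure(true); c.setMaxAge(maxAge);
        response.addCookie(c);
    }
}
```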