| org.acegisecurity.ui.rememberme.RememberMeServices
All known Subclasses: org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices, org.acegisecurity.ui.rememberme.NullRememberMeServices
RememberMeServices | public interface RememberMeServices | | Implemented by a class that is capable of providing a remember-me service.
Acegi Security filters (namely
org.acegisecurity.ui.AbstractProcessingFilter and
org.acegisecurity.ui.rememberme.RememberMeProcessingFilter) will call
the methods provided by an implementation of this interface.
Implementations may implement any type of remember-me capability they wish.
Rolling cookies (as per
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice)
can be used, as can simple implementations that don't require a persistent
store. Implementations also determine the validity period of a remember-me
cookie. This interface has been designed to accommodate any of these
remember-me models.
This interface does not define how remember-me services should offer a
"cancel all remember-me tokens" type capability, as this will be
implementation specific and requires no hooks into Acegi Security.
author: Ben Alex
version: $Id: RememberMeServices.java 1784 2007-02-24 21:00:24Z luke_t $ |
autoLogin | Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) | | This method will be called whenever the SecurityContextHolder does not contain an
Authentication and the Acegi Security system wishes to provide an implementation with an
opportunity to authenticate the request using remember-me capabilities. Acegi Security makes no attempt
whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie.
Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for
whatever reason, it should be silently ignored and invalidated using the HttpServletResponse
object.
The returned Authentication must be acceptable to
org.acegisecurity.AuthenticationManager or
org.acegisecurity.providers.AuthenticationProvider defined
by the web application. It is recommended that
org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken be used in most cases, as it has a
corresponding authentication provider.
Parameters: request - to look for a remember-me token within
Parameters: response - to change, cancel or modify the remember-me token
Returns: a valid authentication object, or null if the request should not be authenticated |
loginFail | void loginFail(HttpServletRequest request, HttpServletResponse response) | | Called whenever an interactive authentication attempt was made, but the credentials supplied by the user
were missing or otherwise invalid. Implementations should invalidate any and all remember-me tokens indicated
in the HttpServletRequest.
Parameters: request - that contained an invalid authentication request
Parameters: response - to change, cancel or modify the remember-me token |
loginSuccess | void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) | | Called whenever an interactive authentication attempt is successful. An implementation may automatically
set a remember-me token in the HttpServletResponse, although this is not recommended. Instead,
implementations should typically look for a request parameter that indicates the browser has presented an
explicit request for authentication to be remembered, such as the presence of an HTTP POST parameter.
Parameters: request - that contained the valid authentication request
Parameters: response - to change, cancel or modify the remember-me token
Parameters: successfulAuthentication - representing the successfully authenticated principal |
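A minimal implementation of the three methods that follows the contract described above, as an added example (not Acegi Security's own code, and not how TokenBasedRememberMeServices works): it issues single-use rolling tokens held in an in-memory map. The class name, cookie name, request parameter, key value and validity period are assumptions; server-side expiry and persistent storage are left out.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.*;
import org.acegisecurity.Authentication;
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
import org.acegisecurity.ui.rememberme.RememberMeServices;

// Added example, not Acegi code: rolling tokens in memory; stores principal and authorities only.
public class RollingRememberMeServices implements RememberMeServices {
    private static final String COOKIE = "EXAMPLE_REMEMBER_ME"; // assumed cookie name
    private static final String PARAM = "remember_me";          // assumed POST parameter
    private static final int MAX_AGE = 14 * 24 * 60 * 60;       // cookie validity, in seconds
    private final String key = "exampleKey"; // must equal the RememberMeAuthenticationProvider key
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Authentication> tokens = new ConcurrentHashMap<String, Authentication>();
    public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
        String presented = read(request);
        if (presented == null) return null;               // no cookie: nothing to authenticate
        Authentication known = tokens.remove(presented);  // a token is accepted only once
        if (known == null) { write(response, "", 0); return null; } // unknown: ignore and expire it
        issue(response, known);                           // roll to a fresh token
        return known;
    }
    public void loginFail(HttpServletRequest request, HttpServletResponse response) {
        String presented = read(request);
        if (presented != null) tokens.remove(presented);  // invalidate on the server
        write(response, "", 0);                           // and in the browser
    }
    public void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
        if (!"POST".equals(request.getMethod()) || request.getParameter(PARAM) == null) return; // opt-in only
        issue(response, new RememberMeAuthenticationToken(key, auth.getPrincipal(), auth.getAuthorities()));
    }
    private void issue(HttpServletResponse response, Authentication remembered) {
        String token = new BigInteger(128, random).toString(16); // unguessable random value
        tokens.put(token, remembered);
        write(response, token, MAX_AGE);
    }
    private void write(HttpServletResponse response, String value, int maxAge) {
        Cookie c = new Cookie(COOKIE, value);             // maxAge 0 tells the browser to delete it
        c.setPath("/"); c.setMaxAge(maxAge); c.setSecure(true);
        response.addCookie(c);
    }
    private String read(HttpServletRequest request) {
        Cookie[] cs = request.getCookies();               // null when the request carries no cookies
        for (int i = 0; cs != null && i < cs.length; i++) if (COOKIE.equals(cs[i].getName())) return cs[i].getValue();
        return null;
    }
}
```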