Results 1 to 4 of 4

Thread: Log user in with remember-me functionality in Spring Security 3.1

  1. Oct 18th, 2011, 07:08 AM #1
    mueller
    mueller is offline Senior Member
    Join Date
    Feb 2008
    Posts
    169

    Question Log user in with remember-me functionality in Spring Security 3.1

    I currently log users in programmatically (like when they login through Facebook or other means than using my login form) with:
    Code:
    SecurityContextHolder.getContext().setAuthentication(
      new UsernamePasswordAuthenticationToken(user, "", authorities)
);
    What I want to do instead is log the user in as if they set the remember-me option on in the login form. So I'm guessing I need to use the RememberMeAuthenticationToken instead of the UsernamePasswordAuthenticationToken? But what do I put for the `key` argument of the constructor?

    Code:
    RememberMeAuthenticationToken(String key, Object principal, Collection<? extends GrantedAuthority> authorities)
    Reply With Quote Reply With Quote
  2. Oct 18th, 2011, 07:34 PM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    The key corresponds to the RememberMeAuthenticationProvider's key so that you know which AuthenticationProvider validated it. If you are not using the RememberMeAuthenticationProvider, then this does not really matter.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
  3. Oct 19th, 2011, 02:04 AM #3
    mueller
    mueller is offline Senior Member
    Join Date
    Feb 2008
    Posts
    169

    Default

    So I should be logging people in programmatically like the following if I also want them to be remembered?
    Code:
    SecurityContextHolder.getContext().setAuthentication(
      new RememberMeAuthenticationToken("", username, authorities)
);
    Reply With Quote Reply With Quote
  4. Oct 19th, 2011, 08:43 AM #4
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    Quote Originally Posted by mueller View Post
    So I should be logging people in programmatically like the following if I also want them to be remembered?
    Code:
    SecurityContextHolder.getContext().setAuthentication(
      new RememberMeAuthenticationToken("", username, authorities)
);
    This is how you indicate that someone was logged in with Remember me authentication. If you want them to be remembered, so that next time they actually are logged in using remember me you will need to use the RememberMeServices#loginSuccess. Note that it will not actually remember you unless the rememberMeRequested returns true (either looks for alwaysRemember to be true or for the parameter (i.e. _spring_security_remember_me) to be set. Naturally you will want to specify the remember-me element so that the RememberMeAuthenticationFilter, RememberMeAuthenticationProvider, etc get setup to process the cookie set by RememberMeServices#loginSuccess the next time you login.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules