Package com.broadleafcommerce.auth.authorization.security.rememberme.autoconfigure

Class RememberMeLoginAuthenticationConfigurer

java.lang.Object

com.broadleafcommerce.auth.authorization.security.rememberme.autoconfigure.RememberMeLoginAuthenticationConfigurer

public class RememberMeLoginAuthenticationConfigurer
extends Object

Responsible for configuring 'Remember Me' support in the authentication security filter chain in SecurityAutoConfiguration.

See Also:

• RememberMeLoginAutoConfiguration

Constructor Summary

Constructors

Constructor	Description
RememberMeLoginAuthenticationConfigurer(org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter rememberMeAuthenticationFilter, RememberMeLoginProperties rememberMeLoginProperties)

Method Summary

Modifier and Type	Method	Description
void	configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)	Note - we explicitly avoid using the first-class HttpSecurity.rememberMe(Customizer) DSL since it hard-codes certain configuration such as the RememberMeAuthenticationFilter and is not fully overridable.
protected org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter	getRememberMeAuthenticationFilter()
protected RememberMeLoginProperties	getRememberMeLoginProperties()
protected void	registerFilter(org.springframework.security.config.annotation.web.builders.HttpSecurity http)	Spring's official documentation says the remember me filter is typically placed immediately after the UsernamePasswordAuthenticationFilter (or, in our case, the FormLoginAuthenticationFilter).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RememberMeLoginAuthenticationConfigurer

public RememberMeLoginAuthenticationConfigurer(org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter rememberMeAuthenticationFilter,
 RememberMeLoginProperties rememberMeLoginProperties)

Method Details

configure

public void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
               throws Exception

Note - we explicitly avoid using the first-class HttpSecurity.rememberMe(Customizer) DSL since it hard-codes certain configuration such as the RememberMeAuthenticationFilter and is not fully overridable. Instead, we manually define the various configurations ourselves.

Parameters:

http - the authentication security filter chain customizing object

Throws:

Exception - if something goes wrong

registerFilter

protected void registerFilter(org.springframework.security.config.annotation.web.builders.HttpSecurity http)

Spring's official documentation says the remember me filter is typically placed immediately after the UsernamePasswordAuthenticationFilter (or, in our case, the FormLoginAuthenticationFilter).

However, in our BroadleafRememberMeAuthenticationFilter implementation, we have special behavioral expectations. Please review BroadleafRememberMeAuthenticationFilter.doFilter(ServletRequest, ServletResponse, FilterChain) for more details on their interaction and the motivation behind the filter's ordering.

Parameters:

http - the authentication filter chain

getRememberMeAuthenticationFilter

protected org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter getRememberMeAuthenticationFilter()

getRememberMeLoginProperties

protected RememberMeLoginProperties getRememberMeLoginProperties()