public class CookieRememberMeManager extends AbstractRememberMeManager

principals to a Cookie for later retrieval.

Cookie attributes (path, domain, maxAge, etc.) may be set on this class's default cookie attribute, which acts as a template to use to set all properties of outgoing cookies created by this implementation.
The default cookie has the following attribute values set:

Attribute Name | Value |
---|---|
name | rememberMe |
path | / |
maxAge | Cookie.ONE_YEAR |

AbstractRememberMeManager which already provides serialization and encryption logic, this class utilizes both for added security before setting the cookie value.

Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_REMEMBER_ME_COOKIE_NAME: The default name of the underlying rememberMe cookie which is rememberMe. |

Constructor and Description |
---|
CookieRememberMeManager(): Constructs a new CookieRememberMeManager with a default rememberMe cookie template. |

Modifier and Type | Method and Description |
---|---|
protected void | forgetIdentity(Subject subject): Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair. |
void | forgetIdentity(SubjectContext subjectContext): Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair. |
Cookie | getCookie(): Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. |
protected byte[] | getRememberedSerializedIdentity(SubjectContext subjectContext): Returns a previously serialized identity byte array or null if the byte array could not be acquired. |
protected void | rememberSerializedIdentity(Subject subject, byte[] serialized): Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value. |
void | setCookie(Cookie cookie): Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. |

convertBytesToPrincipals, convertPrincipalsToBytes, decrypt, deserialize, encrypt, getCipherKey, getCipherService, getDecryptionCipherKey, getEncryptionCipherKey, getIdentityToRemember, getRememberedPrincipals, getSerializer, isRememberMe, onFailedLogin, onLogout, onRememberedPrincipalFailure, onSuccessfulLogin, rememberIdentity, rememberIdentity, serialize, setCipherKey, setCipherService, setDecryptionCipherKey, setEncryptionCipherKey, setSerializer
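
A configuration that tightens the cookie template and supplies a deployment-specific cipher key through the setters listed above, as an added example (not code from the Shiro project). The class name RememberMeConfig, the environment variable SHIRO_REMEMBERME_KEY and the 14-day lifetime are illustrative assumptions, and the key-length check assumes the default AES cipher service has not been replaced.

```java
import java.util.Base64;

import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.servlet.Cookie;

// Added example: hardens the default rememberMe cookie template and sets an
// explicit cipher key instead of relying on whatever key the manager starts with.
public final class RememberMeConfig {

    // Assumption: the key is provisioned per deployment, Base64-encoded, in this
    // hypothetical environment variable. It is never hard-coded in source.
    private static final String KEY_ENV = "SHIRO_REMEMBERME_KEY";

    private RememberMeConfig() {
    }

    public static CookieRememberMeManager hardenedRememberMeManager() {
        CookieRememberMeManager manager = new CookieRememberMeManager();

        // getCookie() returns the template. Every outgoing rememberMe cookie
        // copies these attributes; only the value is set at runtime.
        Cookie template = manager.getCookie();
        template.setHttpOnly(true);               // not readable from page scripts
        template.setSecure(true);                 // sent over HTTPS only
        template.setMaxAge(14 * 24 * 60 * 60);    // 14 days instead of Cookie.ONE_YEAR

        // The cookie value is the encrypted, serialized principals, so the key
        // is what stops a client from reading or forging a remembered identity.
        manager.setCipherKey(loadKey());
        return manager;
    }

    private static byte[] loadKey() {
        String encoded = System.getenv(KEY_ENV);
        if (encoded == null || encoded.trim().isEmpty()) {
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        byte[] key = Base64.getDecoder().decode(encoded.trim());
        // Assumption: default AES cipher service, so only AES key sizes are valid.
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException("rememberMe key must be 16, 24 or 32 bytes");
        }
        return key;
    }
}
```

All nodes of a clustered deployment need the same key, and rotating it invalidates every rememberMe cookie already issued.
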
public static final String DEFAULT_REMEMBER_ME_COOKIE_NAME

The default name of the underlying rememberMe cookie which is rememberMe.

public CookieRememberMeManager()

Constructs a new CookieRememberMeManager with a default rememberMe cookie template.

public Cookie getCookie()

Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime.

Please see the class-level JavaDoc for the default cookie's attribute values.

RememberMeManager.

public void setCookie(Cookie cookie)

Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime.

Please see the class-level JavaDoc for the default cookie's attribute values.

cookie - the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

protected void rememberSerializedIdentity(Subject subject, byte[] serialized)

Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.

The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair so an HTTP cookie can be set on the outgoing response. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.

rememberSerializedIdentity in class AbstractRememberMeManager

subject - the Subject for which the identity is being serialized.
serialized - the serialized bytes to be persisted.

protected byte[] getRememberedSerializedIdentity(SubjectContext subjectContext)

Returns a previously serialized identity byte array or null if the byte array could not be acquired.

This implementation retrieves an HTTP cookie, Base64-decodes the cookie value, and returns the resulting byte array.

The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair so an HTTP cookie can be retrieved from the incoming request. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation returns null.

getRememberedSerializedIdentity in class AbstractRememberMeManager

subjectContext - the contextual data, usually provided by a Subject.Builder implementation, that is being used to construct a Subject instance. To be used to assist with data lookup.

null if the byte array could not be acquired.

protected void forgetIdentity(Subject subject)

Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.

The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.

forgetIdentity in class AbstractRememberMeManager

subject - the subject instance for which identity data should be forgotten from the underlying persistence

public void forgetIdentity(SubjectContext subjectContext)

Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.

The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation does nothing.

subjectContext - the contextual data, usually provided by a Subject.Builder implementation

Copyright © 2004–2019 The Apache Software Foundation. All rights reserved.