|
|
@@ -25,27 +25,19 @@ import javax.servlet.http.HttpServletResponse;
|
|
|
* Implement by a class that is capable of providing a remember-me service.
|
|
|
*
|
|
|
* <p>
|
|
|
- * Spring Security filters (namely {@link
|
|
|
- * org.springframework.security.ui.AbstractProcessingFilter} and {@link
|
|
|
- * org.springframework.security.ui.rememberme.RememberMeProcessingFilter} will call
|
|
|
+ * Spring Security filters (namely {@link org.springframework.security.ui.AbstractProcessingFilter} and
|
|
|
+ * {@link org.springframework.security.ui.rememberme.RememberMeProcessingFilter} will call
|
|
|
* the methods provided by an implementation of this interface.
|
|
|
- * </p>
|
|
|
- *
|
|
|
* <p>
|
|
|
* Implementations may implement any type of remember-me capability they wish.
|
|
|
* Rolling cookies (as per <a href="http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice">
|
|
|
* http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice</a>)
|
|
|
- * can be used, as can simple implementations that don't require a persistent
|
|
|
- * store. Implementations also determine the validity period of a remember-me
|
|
|
- * cookie. This interface has been designed to accommodate any of these
|
|
|
+ * can be used, as can simple implementations that don't require a persistent store. Implementations also determine
|
|
|
+ * the validity period of a remember-me cookie. This interface has been designed to accommodate any of these
|
|
|
* remember-me models.
|
|
|
- * </p>
|
|
|
- *
|
|
|
* <p>
|
|
|
- * This interface does not define how remember-me services should offer a
|
|
|
- * "cancel all remember-me tokens" type capability, as this will be
|
|
|
- * implementation specific and requires no hooks into Spring Security.
|
|
|
- * </p>
|
|
|
+ * This interface does not define how remember-me services should offer a "cancel all remember-me tokens" type
|
|
|
+ * capability, as this will be implementation specific and requires no hooks into Spring Security.
|
|
|
*
|
|
|
* @author Ben Alex
|
|
|
* @version $Id$
|
|
|
@@ -60,11 +52,13 @@ public interface RememberMeServices {
|
|
|
* whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie.
|
|
|
* Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for
|
|
|
* whatever reason, it should be silently ignored and invalidated using the <code>HttpServletResponse</code>
|
|
|
- * object.<p>The returned <code>Authentication</code> must be acceptable to {@link
|
|
|
- * org.springframework.security.AuthenticationManager} or
|
|
|
- * {@link org.springframework.security.providers.AuthenticationProvider} defined by the web application. It is recommended {@link
|
|
|
- * org.springframework.security.providers.rememberme.RememberMeAuthenticationToken} be used in most cases, as it has a
|
|
|
- * corresponding authentication provider.</p>
|
|
|
+ * object.
|
|
|
+ * <p>
|
|
|
+ * The returned <code>Authentication</code> must be acceptable to
|
|
|
+ * {@link org.springframework.security.AuthenticationManager} or
|
|
|
+ * {@link org.springframework.security.providers.AuthenticationProvider} defined by the web application.
|
|
|
+ * It is recommended {@link org.springframework.security.providers.rememberme.RememberMeAuthenticationToken} be
|
|
|
+ * used in most cases, as it has a corresponding authentication provider.
|
|
|
*
|
|
|
* @param request to look for a remember-me token within
|
|
|
* @param response to change, cancel or modify the remember-me token
|
Luke Taylor