Spring Security Remember Me
Spring Security Remember Me, Introduction, Features, Project Modules, XML Example, Java Example, Login Logout, Spring Boot, Spring Core, Spring with JPA, Spring with Hibernate, Spring with Struts, Spring MVC, Spring Integration etc.
Spring Security Remember Me
Remember me is a feature that allows a user to access into application without re-login. User's login session terminates after closing the browser and if user again access the application by opening browser, it prompts for login.
But we can avoid this re-login by using remember me feature. It stores user's identity into the Cookie or database and use to identity the user.
We are implementing this into the following example. Lets see an example.
Create a Maven Project
First create a maven project and provide the project details.
Initially, project looks like this:
Spring Security Configuration
Configure the project to implement spring security. It requires following four Java files. First create a package com.javatpoint and put all the files into this.
// AppConfig.java
- package com.tpoint;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.ComponentScan;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.web.servlet.config.annotation.EnableWebMvc;
- import org.springframework.web.servlet.view.InternalResourceViewResolver;
- import org.springframework.web.servlet.view.JstlView;
- @EnableWebMvc
- @Configuration
- @ComponentScan({ "com.javatpoint.controller.*" })
- public class AppConfig {
- @Bean
- public InternalResourceViewResolver viewResolver() {
- InternalResourceViewResolver viewResolver
- = new InternalResourceViewResolver();
- viewResolver.setViewClass(JstlView.class);
- viewResolver.setPrefix("/WEB-INF/views/");
- viewResolver.setSuffix(".jsp");
- return viewResolver;
- }
- }
// MvcWebApplicationInitializer.java
- package com.point;
- import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
- public class MvcWebApplicationInitializer extends
- AbstractAnnotationConfigDispatcherServletInitializer {
- @Override
- protected Class<?>[] getRootConfigClasses() {
- return new Class[] { WebSecurityConfig.class };
- }
- @Override
- protected Class<?>[] getServletConfigClasses() {
- // TODO Auto-generated method stub
- return null;
- }
- @Override
- protected String[] getServletMappings() {
- return new String[] { "/" };
- }
- }
// SecurityWebApplicationInitializer.java
- package com.tpoint;
- import org.springframework.security.web.context.*;
- public class SecurityWebApplicationInitializer
- extends AbstractSecurityWebApplicationInitializer {
- }
// WebSecurityConfig.java
In this class, we are creating user and authenticating as well. The rememberMe() method inside the configure() method is responsible to remember and store user identity.
- package com.tpoint;
- import org.springframework.context.annotation.*;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.*;
- import org.springframework.security.core.userdetails.*;
- import org.springframework.security.provisioning.InMemoryUserDetailsManager;
- import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
- @EnableWebSecurity
- @ComponentScan("com.javatpoint")
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Bean
- public UserDetailsService userDetailsService() {
- InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
- manager.createUser(User.withDefaultPasswordEncoder()
- .username("admin").password("admin123").roles("ADMIN").build());
- return manager;
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests().
- antMatchers("/index", "/user","/").permitAll()
- .antMatchers("/admin").authenticated()
- .and()
- .formLogin()
- .loginPage("/login")
- .and()
- .rememberMe()
- .key("rem-me-key")
- .rememberMeParameter("remember") // it is name of checkbox at login page
- .rememberMeCookieName("rememberlogin") // it is name of the cookie
- .tokenValiditySeconds(100) // remember for number of seconds
- .and()
- .logout()
- .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
- }
- }
Controller
Create a controller HomeController inside the com.javatpoint.controller package. See the controller code.
// HomeController.java
- package com.tpoint.controller;
- import org.springframework.stereotype.Controller;
- import org.springframework.web.bind.annotation.RequestMapping;
- import org.springframework.web.bind.annotation.RequestMethod;
- @Controller
- public class HomeController {
- @RequestMapping(value = "/", method = RequestMethod.GET)
- public String index() {
- return "index";
- }
- @RequestMapping(value = "/login", method = RequestMethod.GET)
- public String login() {
- return "login";
- }
- @RequestMapping(value = "/admin", method = RequestMethod.GET)
- public String admin() {
- return "admin";
- }
- }
View
Create view (JSP pages) to produce output to the browser.
// index.jsp
- <html>
- <head>
- <title>Home Page</title>
- </head>
- <body>
- Welcome to hpnmaratt! <br> <br>
- <a href="admin">Admin login</a>
- </body>
- </html>
// admin.jsp
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <title>Home Page</title>
- </head>
- <body>
- Welcome Admin! ?
- <a href="logout">logout</a>
- </body>
- </html>
// login.jsp
This is our custom login page in which we added remember me check box. See the code.
- <%@ taglib
- prefix="c"
- uri="http://java.sun.com/jsp/jstl/core"
- %>
- <c:url value="/login" var="loginUrl"/>
- <form action="${loginUrl}" method="post">
- <c:if test="${param.error != null}">
- <p>
- Invalid username and password.
- </p>
- </c:if>
- <c:if test="${param.logout != null}">
- <p>
- You have been logged out.
- </p>
- </c:if>
- <p>
- <label for="username">Username</label>
- <input type="text" id="username" name="username"/>
- </p>
- <p>
- <label for="password">Password</label>
- <input type="password" id="password" name="password"/>
- </p>
- <p>
- <label for="remember"> Remember me</label>
- <input type="checkbox" name="remember" />
- </p>
- <input type="hidden"
- name="${_csrf.parameterName}"
- value="${_csrf.token}"/>
- <button type="submit" class="btn">Log in</button>
- </form>
Project Dependencies
Following is our pom.xml file that contains all required dependencies.
// pom.xml
- <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <groupId>com.javatpoint</groupId>
- <artifactId>springrememberme</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <packaging>war</packaging>
- <properties>
- <maven.compiler.target>1.8</maven.compiler.target>
- <maven.compiler.source>1.8</maven.compiler.source>
- </properties>
- <dependencies>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-webmvc</artifactId>
- <version>5.0.2.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- <version>5.0.0.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-core</artifactId>
- <version>5.0.4.RELEASE</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- <version>5.0.4.RELEASE</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <version>3.1.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>jstl</artifactId>
- <version>1.2</version>
- </dependency>
- </dependencies>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.6</version>
- <configuration>
- <failOnMissingWebXml>false</failOnMissingWebXml>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </project>
Project Structure
After adding all the files the project structure looks like this:
Run Server
Output:
Click on Admin login link and login.
See, we have clicked on remember me check box.
Copy the URL: http://localhost:8080/springrememberme/admin and close the browser completely. After a second open browser and paste the copied URL.
See, it does not ask for login and land us on the same page. Because we did check remember me button during login.